ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

网络安全情报爬虫

v1.0.0

网络安全新闻爬虫,每小时自动从多个安全社区 RSS 抓取文章,存入 IMA 笔记。 触发场景:用户说"抓取安全新闻"、"网络安全日报"、"定时爬取安全资讯"、"安全新闻源管理" 或需要查看/管理安全新闻爬虫任务时使用此 skill。

0· 58·0 current·0 all-time
by@fallenqu
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description (security news + vulnerability crawler that writes to IMA) matches the code: both scripts fetch RSS / NVD data and call the IMA API. Requesting IMA credentials and a translation API key is proportionate to the stated purpose. However the registry metadata claims no required env vars while SKILL.md and the scripts clearly require IMA_OPENAPI_CLIENTID, IMA_OPENAPI_APIKEY and MINIMAX_API_KEY — a metadata inconsistency. The SKILL.md also references a scripts/run.sh that is not present in the file manifest.
!
Instruction Scope
SKILL.md and scripts instruct the agent/user to run shell commands that access files under ~/.openclaw/workspace (logs, data) and to run cron/system commands (crontab, run-parts). The vuln_crawler explicitly tries to read a global openclaw.json for a minimax key if MINIMAX_API_KEY is not set — i.e., it will inspect agent config files outside the skill directory. The SKILL.md notes run.sh contains hardcoded IMA env vars (which is risky) but run.sh is missing from the provided files. These behaviors expand the skill's scope beyond simple RSS fetching and deserve caution.
Install Mechanism
There is no install spec (instruction-only with included scripts). That is lower risk than arbitrary installers. The scripts use standard library networking and optional feedparser; nothing in the provided files downloads or executes remote archives or arbitrary installers.
!
Credentials
Requiring IMA_OPENAPI_CLIENTID and IMA_OPENAPI_APIKEY is appropriate for writing notes to IMA. Requiring MINIMAX_API_KEY for translation is reasonable if you opt into translation. However the vuln_crawler will also attempt to read minimax credentials from a global openclaw.json (agent configuration) if the env var is absent — this accesses agent-level configuration not declared in the registry metadata. SKILL.md also mentions run.sh has these creds hardcoded, implying credentials might be stored in the workspace filesystem; storing secrets in files increases leak risk.
Persistence & Privilege
always:false (normal). The skill writes data/logs and maintains local seen/last-run JSON under the skill workspace (expected for a crawler). The concerning part is implicit: SKILL.md talks about cron setup and the scripts assume a run.sh (missing) — if the run.sh when provided hard-codes credentials or modifies system cron, that would increase persistence/privilege risk. The scripts as provided do not alter other skills' configs or system-wide settings.
Scan Findings in Context
[pre-scan-injection] expected: No pre-scan injection signals were detected; network calls (HTTP client) and JSON file reads/writes are expected for a crawler. However lack of matches does not imply safety — code does read agent config files and call external APIs.
What to consider before installing
What to check before installing/using this skill: - Metadata mismatch: the registry entry lists no required env vars, but SKILL.md and the scripts require IMA_OPENAPI_CLIENTID and IMA_OPENAPI_APIKEY (mandatory) and MINIMAX_API_KEY (for translation). Do not rely on the registry metadata alone. - Inspect run.sh: SKILL.md and instructions reference scripts/run.sh and say it hard-codes the IMA credentials. The manifest does not include run.sh — ask the author for the file or inspect it before running. If it hardcodes credentials, remove them and use environment variables instead. - openclaw.json access: vuln_crawler.py will try to read a global openclaw.json to fetch a MiniMax key if MINIMAX_API_KEY is not set. That means the skill attempts to read agent-level configuration outside its directory. If you keep other secrets in openclaw.json, this skill could read them (the code only looks for a specific key path, but it's still reading the file). Consider setting MINIMAX_API_KEY explicitly in the environment and/or ensure openclaw.json does not contain other sensitive secrets. - Credential scope: only provide the IMA note credentials to this skill (and the MINIMAX API key only if you need automatic translation). Avoid giving the skill broader credentials (e.g., AWS keys) — they are unnecessary for its stated purpose. - Cron/privilege changes: the SKILL.md suggests adding hourly cron jobs and uses system-level commands in examples. The included scripts do not automatically install cron entries, but if you or a provided run.sh install cron entries, verify it does not modify unrelated system configuration or include hardcoded secrets. - Audit network endpoints: the scripts contact the IMA API (https://ima.qq.com) and MiniMax (https://api.minimaxi.com) and fetch many external RSS URLs. If you have network egress policies, allow only the expected endpoints. - Missing files / truncated code: the provided vuln_crawler.py was truncated in the listing; request the full source and the absent run.sh to complete your review. Without the full code, there is residual uncertainty. If you want to proceed, recommended safe steps: run the scripts in an isolated environment, provide only the minimal env vars (IMA creds and optionally MINIMAX_API_KEY), inspect or create a run.sh yourself that does not hard-code secrets, and verify openclaw.json is not readable or does not contain extra secrets you don't want the skill to access.

Like a lobster shell, security has layers — review code before you run it.

latestvk97esf6gnqy2faavzajca2vrbs83p0sf

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments