Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The skill claims to publish products to the Ozon platform, but the included script navigates to a raw IP (http://139.9.192.16:9089/) rather than Ozon's API or web domain. The SKILL.md does not declare required runtime dependencies (the script uses Playwright), and the script contains hard-coded login credentials (test/123456). These inconsistencies indicate the implementation does not match the stated purpose and raise questions about the actual target and expectations.
Instruction Scope
SKILL.md instructs the agent to call scripts/auto_distribute.py when parameters are present but does not instruct installation of Playwright or browser binaries required by that script. The runtime instructions do not disclose the target host used by the script. The script will perform network actions (visit an IP, log in, click buttons) but SKILL.md does not document those external endpoints or required credentials.
Install Mechanism
No install spec is provided even though the script requires Playwright and browser runtimes (and possibly OS-level browser dependencies). That omission means the skill will fail or behave unexpectedly unless the environment already has Playwright and compatible browsers installed. There is no download/install URL or package declaration to justify the missing dependency.
Credentials
The skill declares no required environment variables, but the code embeds hard-coded credentials (username 'test', password '123456') and connects to an IP address. Requiring no declared secrets while using fixed credentials is inconsistent — the author should explain whether credentials are placeholders and whether any environment variables (API keys, login creds) are needed. Network access to a raw IP without documentation is also disproportionate to the stated high-level purpose.
Persistence & Privilege
The skill does not request always:true, does not declare persistent config paths, and does not modify other skills. Autonomous invocation is permitted by default but not combined with other privilege escalations here.
What to consider before installing
Do not install or run this skill in a production environment until the author clarifies and fixes several issues: (1) Confirm the real target — the code visits http://139.9.192.16:9089/ (an IP) instead of Ozon's domain; explain why. (2) Declare and remove hard-coded credentials or replace them with required environment variables and document how to obtain credentials. (3) Add an install spec or clearly document the requirement to have Playwright and browser runtimes installed; otherwise the script won't run. (4) Fix small bugs / mismatches (script prints a different screenshot filename than it saves). (5) If you must run it for testing, do so in an isolated environment (sandbox/VM) and use test accounts; inspect network traffic to ensure no unexpected exfiltration. Ask the publisher for a corrected SKILL.md that documents endpoints, dependencies, and credential handling before trusting this skill.Like a lobster shell, security has layers — review code before you run it.
latestvk975ynvh3n53689k96cw1gf011841p54
License
MIT-0
Free to use, modify, and redistribute. No attribution required.