Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
Name/description (auto-publish to Ozon) broadly aligns with the included Playwright automation script which operates a web UI and clicks a send button. However the SKILL.md says it will call scripts/auto_distribute.py while the repository contains scripts/auto_distribution.py (filename mismatch) which will cause runtime failure unless corrected. The skill claims to publish to Ozon but the script navigates to a raw IP (http://139.9.192.16:9089/) rather than an Ozon endpoint — this could be a control panel for the publisher service but is not explained in the metadata. The skill does not declare the obvious runtime dependency on Playwright and a browser, which is required for the script to run.
Instruction Scope
SKILL.md instructs the agent to parse parameters and invoke the script; that scope is narrow and appropriate. The script itself performs network access to a single IP:9089, logs in with hardcoded credentials (test / 123456), manipulates DOM elements and saves a screenshot. It does not read arbitrary files or environment variables, nor does it send data to third-party endpoints beyond the specified IP. Still, the use of hardcoded credentials and an unexplained IP address expands the operational scope beyond what's described and deserves review.
Install Mechanism
There is no install spec (instruction-only), which is lower risk. However the Python script requires Playwright and a browser engine at runtime; these dependencies are not declared in metadata or SKILL.md. That means the skill will likely fail unless the runtime environment already has these installed — users should be warned and the package should declare installation instructions.
Credentials
The skill declares no required environment variables or credentials, which matches the metadata. But the script contains hardcoded login credentials (username 'test' and password '123456') and targets a raw IP address. Hardcoded credentials are poor practice and may point to a test environment or misconfigured secret handling. The lack of declared credentials is inconsistent with the presence of embedded credentials in code.
Persistence & Privilege
The skill is not always-enabled, does not request persistent platform privileges, and does not modify other skills or global configs. Autonomous invocation is allowed (platform default) which is expected; this does not by itself increase the concern level given the other issues.
What to consider before installing
This skill appears to automate a web UI to publish products, but has several issues you should verify before installing or running it:
- Filename mismatch: SKILL.md references scripts/auto_distribute.py but the repo contains scripts/auto_distribution.py — fix or confirm the intended entrypoint.
- Runtime dependencies: the included Python script uses Playwright and requires a browser engine; ensure those are installed in a controlled environment and update SKILL.md to declare installation steps.
- Network target: the script connects to http://139.9.192.16:9089 (an IP) rather than an Ozon API — confirm that this endpoint is trustworthy and expected (it may be an internal control panel). Do not run against unknown network hosts from sensitive machines.
- Hardcoded credentials: the script contains username/password 'test'/'123456'. Confirm these are safe test credentials; if real credentials are needed, require them via environment variables or a secure secrets mechanism instead of embedding them.
- Inconsistent output messages: the script returns/saves screenshot.png but later prints a different filename (screenshot_form.png) — this indicates sloppy testing and you should run in an isolated environment first.
If you still want to use it: review and correct the entrypoint, remove or secure hardcoded credentials, document and install Playwright/browser dependencies, and run the skill in an isolated or staging environment while you confirm the target endpoint is legitimate.Like a lobster shell, security has layers — review code before you run it.
latestvk9733sx6a4rpfxmvqybw95d1jd8414tb
License
MIT-0
Free to use, modify, and redistribute. No attribution required.