Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

legal-cn-api

v1.0.0

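Provides a structured API for searching Chinese legal provisions, billed per call, with automatically updated data and support for real-time queries of the latest laws and regulations.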

by Felix Feng (@fengfelix)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (high confidence)
[!] Purpose & Capability
The name/description (legal-cn-api search + x402 micropayments) aligns with the included code (FastAPI + Meilisearch + x402). However, the skill declares no required environment variables or primary credential, while the code expects a config.py with Meilisearch host/key, x402 wallet address and private key, price, and other settings. The project also ships moltbook-credentials.json (contains an API key / verification code), which is unrelated to the stated purpose and is a sensitive artifact. The mismatch between declared requirements and actual code/config is a coherence problem.
[!] Instruction Scope
SKILL.md instructs cloning repos, running update_database.sh (which clones/imports external law datasets), installing requirements, launching Meilisearch, and editing config.py to insert a wallet private key. Asking the user to paste a private key into config.py is outside the risk profile of a 'simple' search setup and should be explicit in the metadata. The SKILL.md also claims payments go 'to developer wallet' and shows developer contact; that could mislead users about who receives funds if defaults or example config point to the developer. The pre-scan also flagged unicode-control-chars in SKILL.md (prompt-injection pattern).
Install Mechanism
There is no automated arbitrary binary download; installation is standard: pip install -r requirements.txt and docker-compose up for Meilisearch. The code clones/uses third-party GitHub repos and optionally ModelScope via its Python API (snapshot_download) — those are known sources, but they pull external data at runtime. No use of opaque personal servers or URL shorteners for installs was observed.
[!] Credentials
The runtime needs secrets (Meilisearch master key, optional x402 wallet private key/address) but the skill package declares no required env vars. In addition, a file moltbook-credentials.json containing an API key and verification/claim URLs is included in the repo — an exposed secret unrelated to Meilisearch or x402. This combination (undeclared secrets + shipped secret file) is disproportionate and risky.
Persistence & Privilege
The skill is not marked always:true and does not request elevated platform privileges. It does not modify other skills or system-wide settings. Autonomous invocation (disable-model-invocation:false) is the platform default and is not by itself flagged here.
Scan Findings in Context
[unicode-control-chars] unexpected: A prompt-injection pattern detector found unicode control characters in SKILL.md. This may be a false positive (we didn't see obvious malicious invisible characters in the visible content), but it should be inspected; the SKILL.md also contains persuasive language about payments and developer wallet which could be used to influence evaluation or install instructions.
What to consider before installing
Key points before installing or running this skill:
- Secrets and config: The code expects a config.py containing MEILISEARCH_HOST, MEILISEARCH_MASTER_KEY and (optionally) X402_WALLET_PRIVATE_KEY/X402_WALLET_ADDRESS. The package metadata does not declare these env vars — treat this as a manual configuration step. Do NOT paste any private key you care about into config.py without reviewing the code.
- Exposed secret file: The repo includes moltbook-credentials.json with an API key and other identifying fields. That file appears unrelated to the core service and may be a leaked credential. Remove or rotate any keys found in the repo before using, and do not publish that file.
- Payment recipient: SKILL.md and main.py are written to accept payments to whatever private key/address is configured. If you run this service, ensure the configured wallet is yours; if you use the included example or developer-supplied values, payments may go to the developer. Verify config.py.example and never use third-party private keys.
- Network actions: update_database.sh and utility scripts clone GitHub repos and the code can call ModelScope snapshot_download — these operations fetch external content. Run the import/update steps in an isolated environment and audit the imported data before indexing.
- Audit and harden before production: Remove sensitive artifacts (moltbook-credentials.json), declare required env vars in your deployment, avoid storing private keys in plaintext (use environment variables or a secrets manager), and validate config.py.example contents. Consider running the service in a sandbox/VM and monitoring outbound network traffic the first time you run it.
- If you need a short checklist: inspect config.py.example, delete/rotate any credentials in the repo, run imports in isolation, set Meilisearch master key to a strong value, and only configure your own wallet private key if you understand the payment flow and trust the code.
Because of undeclared credential requirements and an included secret file, this skill is internally inconsistent and could lead to accidental key leakage or misdirected payments — proceed only after the fixes and audits above.

Like a lobster shell, security has layers — review code before you run it.
