Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

我的大明朝廷 (My Great Ming Court)

v1.0.2

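Automatically receives WeChat commands, validates intent and reviews decrees, schedules and executes text-to-image and video tasks, manages budget and pipelines, and keeps the workflow running securely and stably.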

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The description promises automatic reception of WeChat commands and end-to-end orchestration, but the package metadata lists no required env vars or credentials (no WeChat API token, webhook URL, or similar). The codebase and workflow files clearly implement heavy image/video execution (ComfyUI workflows, comfyui_client, MinFuTeam), which aligns with the 'generate images/video' capability. However the advertised 'receive WeChat commands' (接收微信指令) capability is not justified by declared requirements — either the WeChat connector is missing/unexposed or required credentials are not declared in skill metadata.
Instruction Scope
SKILL.md and guides instruct the agent to read/write task archives, manage token ledgers on the filesystem, and call external services (ComfyUI servers). The JINYIWEI guide includes an example callback that POSTs patrol reports to an external URL (https://external-monitor.com/api/reports). That means the runtime may transmit structured operational/audit data externally if callbacks are configured. The docs also instruct copying the whole skill tree into OpenClaw's skills directory and running local CLI scripts (access to filesystem). These behaviors are plausible for the stated purpose, but the instructions give broad discretion to contact external endpoints and write persistent logs — and the skill metadata did not transparently declare those outgoing endpoints or required credentials.
Install Mechanism
There is no external download/install spec in the registry entry — this is an instruction-and-code bundle. All code is included in the package (no remote extract/download). That lowers supply-chain risk compared to fetching code at install time. Still review included Python dependencies (requirements files) before pip installing.
Credentials
The skill metadata declares no required env vars or primary credential, but the docs and cleanup report clearly require configuration: PROJECT_ROOT, COMFYUI_SERVER_IP, COMFYUI_SERVER_PORT, VENV_PATH and optional JINYIWEI_PATROL_INTERVAL. The mismatch (declared none vs. runtime needs) is an incoherence. Several config files set verify_ssl: false for ComfyUI and contain placeholders for base URLs — if misconfigured the skill could communicate insecurely or to remote servers. No explicit secrets are required by metadata, but runtime behavior will depend on network addresses and possibly API keys if authentication is enabled later.
Persistence & Privilege
always:false (normal). The skill will persist files to disk (task archives, ledgers, logs) per its design; that is expected for a workflow/audit tool. The default ability for the agent to invoke the skill autonomously (disable-model-invocation:false) is normal for skills, but combined with the ability to call external endpoints and write persistent logs it increases the potential blast radius if misconfigured — a configuration that registers external callbacks or points COMFYUI at an internet-accessible endpoint would widen impact.
What to consider before installing
Summary of practical checks before installing:

1) Verify claimed integrations: confirm where WeChat commands are received and what credentials (webhook URL, API key) are required. The skill's metadata declares none — ask the author or inspect code for a WeChat connector before enabling it.
2) Inspect comfyui_client and scheduler code (skill1/bu/gong/) for network calls and callback behavior. Ensure COMFYUI base_url is set to a trusted local host/IP and enable SSL/verify SSL if available.
3) Treat examples that POST reports to external-monitor.com as illustrative only; check whether any code will automatically register or call external endpoints. If you do not trust remote endpoints, remove or disable callback registration code.
4) Provide required environment variables explicitly and run the skill in an isolated test environment (container or VM) first. Set PROJECT_ROOT to a dedicated directory and examine logs and active_tasks before granting wider permissions.
5) Review logging/retention and ensure logs do not leak sensitive data. The package writes persistent archives and logs; configure strict filesystem permissions and log rotation.
6) Audit dependencies (requirements.txt) before pip install; run unit/integration tests in an offline environment if possible.

If you need help locating the WeChat handling code or confirming whether the package will call any external endpoint automatically, provide the specific files (e.g., skill1/… files) you want inspected and I can highlight the exact call sites and data flows.
