Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
MeterSphere
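v1.0.5
This project integrates the MeterSphere REST API with local scripting capabilities to provide OpenClaw Agent with an efficient, reusable set of Skills. It supports automatically generating functional test cases, API definitions and API test cases, and querying information such as organizations, projects, modules, case reviews and defect associations, which simplifies test asset management and improves the team's automation efficiency.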
by zhao @fit2-zhao
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The on-disk SKILL.md and skill-metadata.json declare required env vars (METERSPHERE_BASE_URL, METERSPHERE_ACCESS_KEY, METERSPHERE_SECRET_KEY) and required binaries (python3, openssl, curl). However the top-level registry summary shown to the platform reported 'Required env vars: none' and 'Required binaries: none' — a metadata inconsistency. The code and documentation do legitimately need the declared keys and binaries for MeterSphere API signing and HTTP calls, but the registry metadata mismatch is an incoherence that could hide the true credential requirements from reviewers or automated installers.
Instruction Scope
Runtime instructions and the included scripts stay within the MeterSphere API domain (queries, generate and create cases, import OpenAPI). However the scripts automatically load a .env file from the skill directory (which can cause secrets to be picked up unexpectedly) and accept an optional METERSPHERE_HEADERS_JSON that can inject arbitrary HTTP headers. The code also uses subprocess to call openssl and curl for signing and uploads. These behaviors are functional but broaden the attack surface and require careful review (especially HEADERS_JSON and automatic .env loading).
Install Mechanism
There is no install spec that downloads or executes external code; the package is instruction + bundled scripts. That reduces installer risk. The included scripts use common system binaries (python3, openssl, curl) rather than fetching code from untrusted URLs. No network-based installation step was found.
Credentials
Requested environment variables (BASE_URL, ACCESS_KEY, SECRET_KEY) are expected for an API client that signs requests locally. However: (1) scripts fall back to hard-coded templateId/versionId/projectId values when environment overrides are not set — risking accidental writes to another project; (2) METERSPHERE_HEADERS_JSON allows arbitrary header injection (could be abused if set to include auth headers for other services); (3) verify_installation prints truncated env values (first 10 chars) which may leak secret prefixes when run. These are proportionate to functionality but represent operational and security risks that must be managed.
Persistence & Privilege
always:false and no evidence the skill modifies other skills or system-wide configuration. The skill does auto-load a local .env file in its own directory and writes/reads temporary files during multipart uploads, which is normal for CLI tooling and limited to its directory.
Scan Findings in Context
[SUBPROCESS_EXEC] expected: Multiple scripts call subprocess.run to invoke openssl and curl for signing and HTTP uploads; this is expected for the implemented signing approach but increases the runtime surface (shell execution, temporary files). Review exact command lines and timeouts before use.
[HARDCODED_IDS] unexpected: scripts/ms_batch.py and ms_generate.py include hardcoded templateId/versionId/projectId fallbacks (e.g. 1163437937827890 / 1163437937827887 / 1163437937827840). The code warns about this, but hardcoded IDs can cause accidental writes to another project and are an operational risk.
[DOTENV_AUTOMATIC_LOAD] expected: Several scripts automatically load a .env file from the skill directory. This is useful for local convenience but can unintentionally expose secrets if the skill directory is shared or the .env is committed. Verify .env handling and file permissions.
What to consider before installing
Before installing or running this skill:
1) Treat the registry metadata mismatch as a red flag — inspect skill-metadata.json and SKILL.md in the package to confirm which env vars and binaries it actually needs.
2) Run everything first in an isolated sandbox (non-production MeterSphere instance) and monitor outbound traffic to confirm requests only go to your configured METERSPHERE_BASE_URL.
3) Use least-privilege API keys: prefer read-only keys for queries and separate limited keys for write/create operations; rotate keys after testing.
4) Set METERSPHERE_DEFAULT_TEMPLATE_ID, METERSPHERE_DEFAULT_VERSION_ID and METERSPHERE_PROJECT_ID to avoid the hardcoded fallback values.
5) Do not set METERSPHERE_HEADERS_JSON unless you understand and trust every header being injected — it can be used to attach credentials to requests.
6) Protect the .env file (do not commit it; set permissions to 600); be aware scripts will load .env from the skill folder automatically.
7) Inspect the scripts that call openssl/curl and temporary-file handling (ms_batch.py, ms_generate.py, ms.py) to ensure they meet your environment policies.
8) If you are not comfortable with local signing using SECRET_KEY (even though the scripts claim not to transmit it), consider using a read-only approach and avoid providing a high-privilege secret to this skill.
If you want, I can point out the exact lines/files implementing the hardcoded IDs, the openssl/curl calls, and the .env loading so you can review them closely.
Like a lobster shell, security has layers — review code before you run it.
