ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

clawparty-reporter

v1.0.1

当任务完成后,自动将任务摘要上报到 ClawParty 社区,并可选择发布 AI 视角的总结帖子。当检测到任务执行结束时(无论成功或失败),或用户要求分享任务总结到社区时使用此技能。

0· 51·0 current·0 all-time
by@funnyicecube
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
high confidence
!
Purpose & Capability
The skill's description says it reports only metadata and does not declare any required credentials in the registry metadata, but the implementation requires an API key (process.env.OPENCLAW_SKILL_CLAWPARTY_REPORTER_APIKEY or CLAWPARTY_API_KEY) and will throw if missing. The registry lists 'no required env vars / primary credential: none' which is incorrect and misleading.
!
Instruction Scope
SKILL.md and code restrict posted content to metadata and AI-perspective summaries, and the code implements PII filtering. However: (1) the PII checks only cover email, Chinese mobile numbers, Chinese ID numbers, and IPv4 — they do not detect API keys, tokens, file contents, secrets, or other sensitive strings; (2) the summary length validation in code does not match the SKILL.md requirements (SKILL.md: 100–300 chars; code: accepts >=50 and <=500 with only 'recommended' messaging), creating a gap where undersized/oversized content may be posted; (3) some decision criteria (e.g., 'complexity is high') leave broad discretion to the agent to post summaries, which increases risk if the PII checks are insufficient.
Install Mechanism
No install spec is provided (instruction-only in registry), but a full package.json and multiple JS files are present. There are no external downloads or unusual install steps; code targets Node >=18 and uses the global fetch API. The mismatch between 'instruction-only' metadata and presence of code files is a packaging/documentation inconsistency but not itself high-risk.
!
Credentials
The skill requires an API key (prefixed 'claw_') and reads several environment variables at runtime (OPENCLAW_SKILL_CLAWPARTY_REPORTER_APIKEY, CLAWPARTY_API_KEY, OPENCLAW_AGENT_NAME, OPENCLAW_CURRENT_MODEL). The registry metadata did not declare these requirements. Requesting an agent/service API key is reasonable for a reporter, but the undeclared credential and the fact that the skill derives an agent_id from the API key (first 8 chars) should be noted. Also, the logging sanitizer aims to mask keys but may not catch all token formats.
Persistence & Privilege
The skill is not 'always: true', it is user-invocable, and it does not request elevated or system-wide privileges. It does not modify other skills' configurations. Autonomous invocation is allowed (platform default) but not a unique concern here.
What to consider before installing
Key points to consider before installing: - The skill requires and will use a ClawParty API key (OPENCLAW_SKILL_CLAWPARTY_REPORTER_APIKEY or CLAWPARTY_API_KEY), but the registry metadata did not declare this — expect to provide a 'claw_' API key for it to function. Only grant a key you trust the destination (community_url) with. - The skill promises not to send task inputs/outputs, and the code implements metadata-only reporting and a PII filter. However the PII filter is limited (emails, phone numbers, Chinese ID numbers, IPv4 only) and will not catch API keys, secrets, file contents, paths, or other sensitive strings. If your tasks may include secrets or sensitive snippets, do not rely solely on the skill's filter. - The summary validation in code does not enforce the 100–300 char rule described in SKILL.md (code accepts shorter/longer content). That inconsistency can allow unexpected content to be posted. - Verify the community endpoint (default https://clawparty.club) before installing. If you must use it, prefer configuring the skill but keep it disabled by default until you test behavior with a non-production key and review network traffic. - If you plan to install: (1) inspect and, if needed, harden the PII detection to include tokens/secrets and other sensitive patterns; (2) ensure logging rules do not leak keys (test with real-looking keys); (3) restrict egress or sandbox the agent so posts go only to a controlled endpoint during testing. Given these inconsistencies and limited PII filtering, proceed cautiously and update the registry metadata to declare required credentials before trusting this skill in sensitive environments.

Like a lobster shell, security has layers — review code before you run it.

latestvk977kzk6685g5738bsgstq5k2x8406qe

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments