Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Noodle Create Writing
v1.0.0自媒体文章生成技能 - 根据关键词自动搜索、汇总数据、生成抖音/小红书/微博文章,特别擅长美食(面食)主题
⭐ 0· 343·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
high confidencePurpose & Capability
The skill claims to use the Tavily search API and SKILL.md instructs users to set TAVILY_API_KEY, but the registry metadata lists no required environment variables or primary credential. The code does not itself call an HTTP Tavily API; instead it shells out to a sibling 'tavily-search' skill directory. The declaration/requirements in metadata are therefore inconsistent with the documented runtime behavior.
Instruction Scope
SKILL.md and scripts instruct the agent to run search by executing an external tavily-search script via child_process.execSync. The command string includes user-supplied query text without escaping, which creates a command-injection risk. The README also contains detected unicode-control-chars (prompt-injection signal) which could be used to confuse evaluators or tooling. The scripts read and write local files (expected) but also attempt to execute code outside the package (../../tavily-search), which expands runtime scope beyond the skill's own files.
Install Mechanism
There is no formal install spec, but the SKILL.md tells users to run npm install and package.json lists reasonable dependencies. The risky part is runtime execSync of a node script in a sibling 'tavily-search' directory (../../tavily-search). That pattern assumes and will run code outside the package; if an attacker can place or control that sibling directory, arbitrary code could be executed. No external downloads are present in the manifest, but the inter-skill exec pattern increases attack surface.
Credentials
SKILL.md requires a TAVILY_API_KEY, but the skill metadata shows no required environment variables. The code does not directly read process.env.TAVILY_API_KEY (it delegates to the tavily-search script), so the credential requirement is indirect and undocumented in the registry. Requiring an API key for an external search service is reasonable in principle, but the omission from metadata and the delegation to an external script make the credential request disproportionate/untracked.
Persistence & Privilege
The skill does not request always:true, does not alter other skills' configs, and writes outputs only to a local ./output directory by default. Autonomous invocation (disable-model-invocation:false) is the platform default and not flagged here. No elevated or persistent system-wide privileges are requested.
Scan Findings in Context
[unicode-control-chars] unexpected: Unicode control characters were found in SKILL.md. This is not needed for a content-generation README and can be used for prompt-injection or to obscure text. Review the raw source to see where they appear and why.
What to consider before installing
What to check before installing or running this skill:
1) Credential mismatch: SKILL.md asks you to set TAVILY_API_KEY but the registry metadata does not declare any required env vars. Ask the publisher why this is missing, and only supply API keys to code you trust.
2) Command execution risk: search-content.js uses execSync to run a node script in a sibling tavily-search directory and places the user query directly into a shell command string without escaping. That can lead to command injection if the query contains quotes or shell metacharacters. Do not run this on untrusted inputs. Prefer running only after patching to use execFile/spawn with argument arrays or proper escaping.
3) External-skill dependency: the code expects a local ../../tavily-search installation and will execute it. Verify that tavily-search is the official package you expect and inspect its code before allowing execution. If that directory is missing or replaced by an attacker, arbitrary code could run.
4) Prompt-injection indicator: the SKILL.md contains unicode-control-chars which may be an attempt to hide or confuse content. Inspect the raw SKILL.md for hidden characters and sanitize before use.
5) Run in a sandbox: until you audit and/or fix the issues above, run the skill in an isolated environment (container or VM) with no sensitive credentials and limited filesystem/network access.
6) Remediations: (a) add TAVILY_API_KEY to the registry metadata if required; (b) avoid shelling out to sibling skill directories—use a documented API or invoke the tavily-search skill through the platform's official mechanism; (c) fix execSync usage to pass args safely; (d) remove unexpected unicode-control characters from SKILL.md.
Given the combination of undocumented credentials, shell execution of sibling code, lack of escaping, and prompt-injection signals, treat this package as suspicious until the above concerns are addressed.Like a lobster shell, security has layers — review code before you run it.
latestvk97cca7nena8s3w84qn8mp1mvx825b8m
License
MIT-0
Free to use, modify, and redistribute. No attribution required.