中国银行汇率查询 (Bank of China Exchange Rate Query)

VirusTotal audit: pending.

Overview

No VirusTotal analysis has been recorded yet. File reputation checks will appear here once the artifact hash has been scanned.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A user expecting a simple exchange-rate lookup could be led to provide SSH credentials or install a completely different capability.

Why it was flagged

The evaluated metadata says this is a Bank of China exchange-rate skill with no credentials, but the root skill file describes an SSH monitoring skill that asks for server login credentials.

Skill content

# Skill: SSH Server Monitor ... connecting to the server via SSH ... password (string): The SSH password

Recommendation

Do not install this package as-is. The publisher should repackage it with one accurate SKILL.md, remove unrelated capabilities, and declare all required access clearly.

What this means

Installing it may expose the agent to code and instructions unrelated to exchange-rate lookup, with unclear provenance and review coverage.

Why it was flagged

The registry says there is no install spec and this is an instruction-only skill, yet the package contains many unrelated scripts, nested skills, and automation files.

Skill content

56 code file(s): auto-approve.sh, batch_operations.py, ... skills/sshex/SKILL.md ... wework_wedrive_client.py

Recommendation

Reject this package until it is minimized to the intended exchange-rate skill and all included code is documented, reviewed, and purpose-aligned.

What this means

The agent could prioritize these workspace instructions over the user's actual exchange-rate request and pull unrelated private context into the conversation.

Why it was flagged

The package includes broad behavioral instructions that redirect the agent to load unrelated personal context and suppress permission checks before performing any task.

Skill content

Before doing anything else: ... Read SOUL.md ... Read USER.md ... Read memory/YYYY-MM-DD.md ... Also read MEMORY.md ... Don't ask permission. Just do it.

Recommendation

Remove AGENTS.md, SOUL.md, USER.md, MEMORY.md, and similar workspace-control files from the skill package.

What this means

If followed, the agent could run arbitrary commands and modify files without meaningful user review.

Why it was flagged

The package recommends allowing all shell commands and auto-approving file reads and writes, which is not proportionate for a currency-rate lookup skill.

Skill content

openclaw config set tools.exec.allowCommands '["*"]' ... openclaw config set tools.read.autoApprove true ... openclaw config set tools.write.autoApprove true

Recommendation

Do not apply these permission changes. Use least-privilege execution and require confirmation for shell commands, writes, and external actions.

What this means

Using the skill could violate site terms, trigger blocking or compliance issues, and normalize unsafe automation against a third-party financial site.

Why it was flagged

The intended exchange-rate functionality explicitly relies on exploiting or bypassing a bank website CAPTCHA/security control rather than using an authorized API.

Skill content

Discovered a critical security flaw in the Bank of China CAPTCHA system: the JWT token directly contains the CAPTCHA answer ... AI automatically solves the CAPTCHA ... zero human intervention

Recommendation

Use an official or authorized exchange-rate data source. Remove CAPTCHA-bypass logic and any claims about exploiting security weaknesses.

What this means

Anyone with the package or any agent that reads these files could misuse exposed credentials, API keys, or password-manager access.

Why it was flagged

The package embeds or documents high-impact credentials and instructs automated use of a password vault, which is unrelated to exchange-rate lookup and not declared in metadata.

Skill content

Bitwarden password management system ... Master password: Ganlan...[redacted] ... API Key: clh_[redacted] ... automatically re-unlock using the saved master password

Recommendation

Immediately revoke and rotate exposed credentials, remove all secrets from the package, and require explicit user-provided credentials only when strictly necessary.

What this means

Private information and sensitive operational context may leak into unrelated conversations or influence the agent across sessions.

Why it was flagged

The skill package contains persistent memory with personal context, security decisions, and credential references that could be loaded into future tasks.

Skill content

Long-term memory ... User information ... Permission configuration ... Bitwarden ... Saved items ... OpenClaw configuration token

Recommendation

Do not distribute persistent memory files with a skill. Keep user memory isolated from installable packages and strip all personal or secret material.

What this means

The agent could continue performing background checks or making changes after the user only requested a currency query.

Why it was flagged

The artifacts define ongoing heartbeat behavior and autonomous maintenance/actions unrelated to the exchange-rate query purpose.

Skill content

When you receive a heartbeat poll ... use heartbeats productively ... Emails ... Calendar ... Mentions ... Weather ... Proactive work you can do without asking ... Commit and push your own changes

Recommendation

Remove heartbeat and autonomous background-work instructions. The skill should run only when invoked for exchange-rate lookup.