Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Smart Ride-Hailing (智能打车)

v1.0.0

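Enterprise car service assistant that supports multiple ride scenarios, including on-demand rides, scheduled rides, airport pickup and drop-off, and chartered cars, and provides vehicle type selection, fare estimation, and order management. Invoke when user needs to book a car, schedule a ride, airport transfer, or manage car service orders.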

by fenbeitong-trip@gaogao605 · duplicate of @cs200809/ride-hailing-helper
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The description and SKILL.md explicitly state that the skill must call a real ride platform API and not fabricate prices/vehicles, yet the code (car_service_api.py) implements an internal simulated driver DB and randomized distance/price logic. No environment variables or credentials are requested/provided for integrating with a real provider. That mismatch between stated purpose (real API integration) and actual implementation (local simulation) is incoherent.
Instruction Scope
SKILL.md contains explicit operational constraints (must call real APIs, do not fabricate data) and detailed input/output schemas. However, the instructions do not provide how to supply platform credentials or endpoints. The pre-scan found 'unicode-control-chars' in SKILL.md (possible prompt-injection attempt to manipulate evaluation or hide content). The agent runtime could end up executing the provided Python scripts which implement local behavior rather than performing external API calls as the documentation requires.
Install Mechanism
There is no install spec (instruction-only), but two Python scripts are included and python3 is required — running the skill will execute local code. No external downloads or package installs are present in the manifest, which lowers supply-chain risk, but you should still review the full code (including truncated portions) for any network calls or hidden behavior before running.
Credentials
The SKILL.md's constraints imply the need for platform credentials/endpoints, but requires.env is empty and the code does not declare or read any API keys. Either the skill expects credentials to be supplied ad‑hoc (not declared) or the documentation is inaccurate; both are problematic. If the skill were to be modified to call external APIs, it would need credentials — the current package gives no guidance or safeguards for them.
Persistence & Privilege
The skill does not request always:true, does not declare config paths, and does not ask for system-level persistence. Agent autonomous invocation is allowed (default) but not combined with elevated privileges here.
Scan Findings in Context
[unicode-control-chars] unexpected: Hidden unicode control characters in SKILL.md are not expected for a ride-hailing helper; this can be used for prompt injection or to obscure instructions. This finding increases suspicion about whether the visible instructions fully reflect runtime behavior.
What to consider before installing
Do not run this skill in production or grant it network/credential access until the inconsistencies are resolved. Specifically:
- Ask the maintainer to explain the mismatch: the README/constraints require calling a real provider API and forbid fabricating data, but the shipped Python code simulates drivers/prices and requests no API keys. Which is correct — simulation or real integration?
- Request the missing pieces: if real API integration is intended, the skill should declare required environment variables (API endpoint, API key/secret) and show exactly where/how they are used. If it's a simulator, the SKILL.md should state that clearly and remove the 'must call real API' constraint.
- Have a developer/auditor review the complete Python files (the manifest showed truncated content). Look for any network calls, hidden endpoints, data exfiltration, or code that reads environment files/credentials. The presence of unicode control chars suggests the documentation may hide content — sanitize and re-render the markdown to reveal hidden characters.
- If you decide to test it, run the skill in an isolated sandbox without access to real credentials or sensitive network segments. Monitor network traffic to ensure it doesn't attempt unexpected outbound connections.
If these questions remain unanswered or the author cannot provide transparent fixes, treat the package as untrusted.

Like a lobster shell, security has layers — review code before you run it.


Runtime requirements

🚗 Clawdis
Bins: python3
