Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

薇薇发

v1.0.0

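Supports uploading and processing images, files and CSV, and generates customized text replies based on the input content; suited to chat-log and workflow application scenarios.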

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The name/description say it handles uploads and generates text from images/files, and the SKILL.md contains concrete upload and workflow endpoints and payloads consistent with that purpose. However, the skill hard-codes internal IP addresses and a public IP for upload/workflow endpoints without declaring that network access or credentials are required, which is a discrepancy worth flagging.
Instruction Scope
The runtime instructions direct posting of user images/files to several hard-coded endpoints (e.g., 10.73.171.38:30110 and 188.103.147.179:30181) and reference a 'currentuser' header and an Authorization Bearer token in the included logs, which means user data would be sent to those endpoints. The SKILL.md does not explain data retention, privacy, or who controls those endpoints, which is scope creep for a skill that claims only to 'process' files and reply with text.
Install Mechanism
There is no install spec and no code files to execute, so nothing is written to disk by an installation step. That reduces supply-chain risk, but runtime network calls described in the instructions remain the primary risk surface.
Credentials
The skill declares no required environment variables or credentials, yet the documentation and logs include an Authorization Bearer token and note using a currentuser header for uploads. Either required credentials are omitted from the manifest (mismatch) or the skill relies on ambient/implicit credentials — both are risky and disproportionate to the manifest.
Persistence & Privilege
The skill is user-invocable, not always-enabled, and does not request installation-time persistence or system-wide config changes. Autonomous invocation is allowed by default but is not combined here with 'always' or other privileged settings.
Scan Findings in Context
[hardcoded_internal_endpoints] unexpected: SKILL.md and logs contain multiple hard-coded internal IP addresses (10.73.171.38) and a public IP (188.103.147.179) used as upload/workflow endpoints. The skill does not declare that it requires access to these networks or which account owns them.
[embedded_bearer_token] unexpected: One included log file contains an Authorization: Bearer <token> example. Embedding a token in the skill artifacts is risky and the skill manifest does not declare any credential requirements or explain how auth is managed.
What to consider before installing
This skill appears to do what it says (upload/process images and files), but it contains hard-coded upload endpoints (internal IPs and a public IP) and even an example bearer token in the bundled files. Before installing or using it:
1) Verify who controls the listed endpoints and whether you trust them; the skill will send uploaded user files to those hosts.
2) Ask the publisher how authentication is handled and why no credentials are declared in the manifest.
3) Do not upload sensitive files until you confirm retention and access policies for the endpoints.
4) Prefer running this only in an isolated/test environment or behind network controls (block outbound to those IPs) until you obtain clarification.
If you cannot get clear answers about the endpoints and token handling, treat the skill as risky and avoid installing it.

Like a lobster shell, security has layers — review code before you run it.
