Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Wcs Helper Network Skill

v1.0.1

SSH tunnel for China servers to access internationally blocked sites (GitHub, ClawHub, HuggingFace, arXiv, Google, YouTube). Password-auth based, one-command...

by 无上宗师 @guanqi0914
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (high confidence)
Purpose & Capability
The described capability (autossh + sshpass + proxychains to provide a SOCKS5 tunnel) is coherent with the skill's purpose. The _meta.json lists reasonable runtime requirements (autossh, proxychains4, sshpass). However the packaged files do not include the many referenced helper scripts (connect.sh, sg-*.sh, etc.) that the README and SKILL.md repeatedly instruct you to run; the Python handler calls a connect.sh path under the skill directory but that script is absent from the bundle. This missing-file mismatch is unexpected and unexplained.
! Instruction Scope
SKILL.md explicitly instructs users to send server IP/port/username/password via a Feishu private chat slash command. That means sensitive SSH passwords are entered into a messaging channel and will be processed by the agent. The runtime code (tunnel_handler.py) delegates to a connect.sh script (not present) which would presumably create ~/.wcs_tunnel.conf and may install systemd services. The instructions therefore require handling and persistent storage of plaintext passwords and encourage use of sshpass (which places passwords on the command line), both of which expand scope beyond a simple helper and increase risk of credential exposure.
! Install Mechanism
There is no install spec (instruction-only), and only one code file is packaged (scripts/tunnel_handler.py). README/SKILL.md describe many shell scripts and an install-service step that would create systemd units, but those scripts are not present in the manifest. Because the Python handler calls an external connect.sh that isn't included, the package as provided is incomplete — if the missing scripts are fetched later from an external source at install time, that would be a higher-risk install pattern (arbitrary code from network).
! Credentials
The manifest itself does not request environment variables, but README suggests environment variables for automation (TUNNEL_HOST, TUNNEL_USER, TUNNEL_PASS) and SKILL.md/README state credentials are stored in ~/.wcs_tunnel.conf. The skill asks the user to provide high-sensitivity secrets (SSH password) via chat, and recommends sshpass (which exposes passwords to process listings). Requesting and storing a plaintext SSH password is disproportionate compared with the minimal claim 'start an SSH tunnel' — a more secure, proportional design would recommend an SSH key or prompt locally rather than sending passwords via chat.
Persistence & Privilege
The skill does not set always: true and does not itself modify other skills. However SKILL.md/README describe an 'install-service' option to create a systemd service for auto-starting the tunnel. If connect.sh implements that, it grants system-level persistence (systemd unit). Because connect.sh is not present, we cannot inspect what that action would do, so this is a cautionary note: a legitimate feature but one that requires elevated privileges and should be audited before being run.
What to consider before installing
This skill may be trying to do what it claims (create an SSH SOCKS5 tunnel), but there are several red flags you should address before installing:
- Missing scripts: The package only includes tunnel_handler.py, but SKILL.md and README repeatedly refer to connect.sh and many helper scripts that are not present. Do not run commands that download or execute missing scripts from unknown URLs without inspecting them first. Ask the author for the full package or the missing files and inspect connect.sh and any systemd install scripts.
- Password handling: The instructions tell you to send your server password in a chat command. That exposes the password to the messaging service, agent processing, and any logs. Prefer SSH key authentication and avoid sending secrets in chat. If you must use a password, verify where and how it is stored (inspect ~/.wcs_tunnel.conf) and ensure it is not sent to external endpoints.
- sshpass risks: The skill recommends sshpass, which places the password on the command line and can be observed by other processes/users. Consider using key-based auth or an SSH agent instead.
- systemd auto-start: The skill mentions installing a systemd service. Only allow that after reviewing the exact service file to confirm it does nothing unexpected.
- If you still want to try it: run in an isolated VM/container, create a throwaway VPS account, replace password auth with a dedicated limited account, and audit the connect.sh and related scripts before giving any real credentials. If the author cannot provide the missing scripts for review, avoid installing.

Like a lobster shell, security has layers — review code before you run it.

Tags: china, github, latest, network, proxy, ssh, tunnel
