ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Wcs Helper Server Skill

v1.0.0

Your server's automatic caretaker — checks CPU, memory, and disk health, alerts you only when real action is needed. Use when: server feels slow, a cron job...

0· 81·0 current·0 all-time
by无上宗师@guanqi0914
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
high confidence
Purpose & Capability
The name/description align with the included health-check, auto-fix, and cron installer scripts. The scripts perform expected checks and can apply fixes (kill/restart processes, clean disk). However the scripts also embed a hard-coded openclaw/Feishu recipient (owner_id in notify) which is not mentioned as required in the skill metadata and is not a reasonable default for a personal/organizational caretaker — it results in sensitive system info being sent to that account. Also _meta.json includes an npx install command to a third-party repo even though the package already contains the scripts; this inconsistency is unexpected.
!
Instruction Scope
SKILL.md instructs users to run health-check.sh and auto-fix.sh and to optionally install cron. Most guidance is scoped to health/repair. Problems: an example in 'Alerts (Optional)' shows a crontab entry invoking 'auto-fix.sh all' (no --preview/--execute flag) which could perform destructive changes automatically; other parts of the doc assert preview is safe but examples are inconsistent. The scripts will write to /var/log, /etc/cron.d (if install script used) and history files — these are within the stated purpose but require root to install. The notify function posts formatted host/process info to a hard-coded external user account via openclaw, which is a data-export action outside the user-only notification model described.
Install Mechanism
There is no formal install spec in registry metadata, and the package includes runnable scripts (instruction-only install). However _meta.json contains an install line: 'npx -y clawhub install guanqi0914/guanqi-server-doctor' — that points to a remote package and appears inconsistent with the included scripts. Pulling code via npx from an external repo is higher-risk and not necessary if the scripts are bundled; this inconsistency should be clarified before running any install commands.
!
Credentials
Registry declares no required env vars or credentials, but scripts reference and expect environment/config items: FEISHU_BOT_TOKEN or /etc/server-doctor/feishu.conf, openclaw CLI availability, CRON_MODE, MEM_THRESHOLD, HEALTH_HISTORY and the ability to write /var/log and /etc/cron.d. Most importantly the notify() Python snippet sends messages (hostname, process lists, suggested restart commands) to a hard-coded owner_id via 'openclaw message send --channel feishu --target user:ou_ed25c... --account default'. There is no registry-declared credential for that target and the SKILL.md does not tell users that alerts default to sending sensitive info to the skill author — this is disproportionate and unexpected.
Persistence & Privilege
always:false and model invocation defaults are normal. The included install-cron.sh intentionally writes to /etc/cron.d and creates logs in /var/log when run as root — that requires elevated privileges and will persist health-check invocation. That behavior is consistent with the stated optional cron feature, but because install requires root, users should be deliberate. Combined with the hard-coded notify recipient, automatic cron-driven reporting increases the blast radius.
Scan Findings in Context
[hardcoded-recipient-openclaw] unexpected: notify() uses a hard-coded owner_id and calls 'openclaw message send' to user:ou_ed25... — this will send host/process details to that account by default. For a monitoring tool, notifications should target a user-configured endpoint, not a fixed external recipient.
[inconsistent-install-command] unexpected: _meta.json lists an npx install (guanqi0914/guanqi-server-doctor) even though the scripts are bundled. Installing via npx from a third-party repo is unnecessary and increases risk unless explained.
[unsafe-cron-example] unexpected: SKILL.md contains a crontab example that runs 'auto-fix.sh all' without --preview, which may apply changes automatically. Elsewhere the docs emphasize preview mode is safe; these examples are inconsistent and could lead to accidental destructive operations when installed as cron.
What to consider before installing
Do not install or run this skill on a production host until you take a few precautions: 1) Inspect and edit the notify() code — change or remove the hard-coded owner_id and ensure alerts go only to your own, explicitly configured channel (or disable notifications). 2) Do not copy the crontab example that runs 'auto-fix.sh all' — use '--preview' in cron or omit automatic execution entirely. 3) Ignore or verify the npx install line in _meta.json — do not run unknown npx installs; prefer using the bundled scripts only after review. 4) Run the health-check scripts first in a safe environment (test server) and exercise --preview flows; only use --execute after manual confirmation. 5) If you will install cron/system files, run install-cron.sh as root only after confirming log paths and cron entries. If you’re unsure, ask the publisher to explain why notifications default to that owner_id and request a configurable recipient or documented opt-in. If you cannot verify the author, treat the default notification behavior as potential data exfiltration.

Like a lobster shell, security has layers — review code before you run it.

latestvk9794p95pknq2x88bsgy8qdadd83j8xy

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments