Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
coze-workflow-runner
v1.0.0调用 Coze 工作流执行自动化任务,支持生成图片、处理数据等操作
⭐ 0· 99·0 current·0 all-time
bybeilunjuzhen@hanjin714
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The skill claims only to call Coze workflows and provide examples for image/text workflows, which matches included code that uses the cozepy client. However, the skill declares no required credentials/config, yet both SKILL.md and the script expect a local token file. The script hardcodes a user-specific path (/Users/hanjin/.openclaw/workspace-prod/coze/coze-tokens.md) while SKILL.md references ~/workspace-prod/coze/coze-tokens.md — this mismatch and the omission of the token as a declared requirement is incoherent.
Instruction Scope
Instructions direct the agent to read a local tokens file and a workflows file and to follow shortlink redirects and download images via curl. Reading a token file and writing downloaded images is within the skill's purpose, but the script reads a hardcoded path in another user's dot-directory which is outside the documented workspace path. That behavior increases the chance of reading unrelated/privileged secrets and is not documented in requires/config.
Install Mechanism
There is no install spec (instruction-only plus a helper script). This minimizes install-time risk. Note: the skill depends on the cozepy library and curl being available, but these dependencies are not declared.
Credentials
No environment variables or credentials are declared in metadata, yet the runtime expects a service token stored in a local file. The script looks for lines containing 'Bearer' and 'sat_' — i.e., a credential-like token — but this credential isn't declared as primaryEnv or required config. Requiring access to a token file without declaring it is disproportionate and raises risk of silent credential access/exfiltration.
Persistence & Privilege
The skill is not always-enabled and does not request elevated platform privileges. It does not modify other skills' configs. Autonomous invocation is allowed (platform default) but not combined with other high-privilege flags.
What to consider before installing
Things to check before installing or running this skill:
- Confirm where your Coze service token is stored. The SKILL.md says ~/workspace-prod/coze/coze-tokens.md but the script reads /Users/hanjin/.openclaw/... — that hardcoded developer path is suspicious. Do NOT place high-privilege tokens in a file that this script might read. Use a dedicated service token with limited scope.
- Ask the author to declare the credential (primaryEnv or required config path) and to remove hardcoded, user-specific paths. Prefer explicit configuration (env var or configurable path) over hardcoded filesystem locations.
- Verify dependencies (cozepy, curl) will be available in your runtime; missing deps could cause fallback behaviors.
- Be cautious about automatic downloads of workflow output URLs: outputs are short links and the skill's instructions and script will follow redirects and download content. Review outputs before auto-downloading to avoid fetching malicious payloads.
- If you must run it, run in an isolated environment (throwaway account or container) and inspect the token file contents and code modifications first. If the developer cannot explain the path mismatch, treat it as unsafe.Like a lobster shell, security has layers — review code before you run it.
latestvk97cpdtprfktr025fyg5rdacjn83kxbw
License
MIT-0
Free to use, modify, and redistribute. No attribution required.