Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Questionnaire Assistant

v1.0.2

提供创建、编辑、发布、管理问卷、测评、投票、表单并查看报表与数据统计的在线问卷调查服务。

⭐ 0· 107·0 current·0 all-time

bywenjuanwang@hapehuang

MIT-0

Download zip

LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.

Security Scan

Capability signals

CryptoRequires OAuth token

These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.

VirusTotal

Benign

View report →

OpenClaw

Suspicious

medium confidence

✓

Purpose & Capability

Name/description match the code: many scripts call wenjuan.com endpoints (create/update/publish/fetch/export/report) and implement the CLI flows described in SKILL.md. The requested resources and behavior (reading local tokens, making HTTP requests to wenjuan.com, publishing surveys) are coherent with the stated purpose.

ℹ

Instruction Scope

SKILL.md instructs the agent to run Node scripts that perform network requests to wenjuan.com, open report pages in the user's browser by default, import question JSON from arbitrary URLs or stdin, and read/write local token files (default ~/.wenjuan or skill .wenjuan). These actions are within the stated domain but broaden the agent's runtime capabilities: it will perform HTTP GET/POST to external endpoints, can open the local browser, and will access files in the user's home directory. That behavior is expected for this skill but may be surprising if the user did not expect local token creation/storage or automatic browser-opening.

ℹ

Install Mechanism

There is no automated install spec bundled with the registry entry (instruction-only), which lowers supply-chain risk. The repository includes setup.sh that, if run, will download/execute remote installer scripts (Homebrew install script, NodeSource setup via curl) and then run npm install. Running setup.sh / npm install will fetch third-party packages (package-lock.json present) — common but requires review of package.json/package-lock and caution when executing remote bootstrap curl|bash commands.

Credentials

The registry metadata declares no required env vars, but the SKILL.md and scripts read/write credentials from disk (e.g., ~/.wenjuan or a WENJUAN_TOKEN_DIR env var). The skill relies on a JWT token for API calls (token_store.js) and also uses a URL-signing utility (scripts/generate_sign.js) which the docs say contains an appkey/secret used to build signed query URLs. If that signing secret or appkey is hardcoded in the repo, it is sensitive — it would allow generation of signed URLs (potentially enabling privileged actions) without the user's account credentials. Confirm whether generate_sign.js embeds a secret, and inspect token_store.js to see where tokens are stored and whether they are transmitted anywhere outside wenjuan.com. Overall, the environment/access needs are plausible for the skill but require manual verification of secrets and storage behavior.

✓

Persistence & Privilege

The skill is not marked always:true and does not request elevated platform privileges. It persists login tokens locally (skill .wenjuan or ~/.wenjuan), which is normal for a CLI client; removal is manual per docs. It does not appear to modify other skills or global agent settings. Autonomous invocation is allowed (platform default) but not an extra privilege flagged here.

What to consider before installing

Key checks and precautions before installing or running: - Inspect scripts/generate_sign.js for any hard-coded appkey/secret. If a secret is embedded, treat it as sensitive: ask the author why it's needed and whether it should be replaced by per-user credentials. - Inspect scripts/token_store.js and references/auth.md to see exactly where tokens are read/written (default ~/.wenjuan or skill-dir .wenjuan). Understand how to revoke and delete those files; do not commit them to source control. - Review package.json and package-lock.json to see third-party dependencies; avoid running setup.sh or npm install without vetting these packages. setup.sh includes curl|bash calls (Homebrew/NodeSource) — running it will execute code fetched from the network. - Be aware that many operations will make network requests to wenjuan.com and that open_report.js will by default open the system browser. If you do not want automatic browser pop-ups or external network traffic, use the --no-open option and run scripts in a controlled environment. - If you plan to let an agent invoke this skill autonomously, consider restricting that autonomy until you confirm there are no embedded secrets and you accept the risk of the agent acting on your wenjuan account (creating/publishing surveys, exporting data). - For maximum safety, run the skill in an isolated environment (VM/container) and test with a throwaway wenjuan account first. If anything looks unexpected (external endpoints not under wenjuan.com, hard-coded secrets, or unexpected token transmissions), do not use the skill with real credentials.

✗

scripts/create_question.js:35