Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

干饭 skill

v0.1.0

Meal-decision assistant. Helps you decide what to eat today, discover nearby restaurants, and generate a restaurant Skill with one click. Supports the /eat family of commands. Triggered when you ask "what should I eat", "what's to eat nearby", or "help me choose".

0 · 51 · 0 current · 0 all-time
by hash panda (@hash-panda)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
Crypto: Can make purchases
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The name/description match the included code (recommendations, discover via AMap, generate restaurant Skills). However the registry metadata declares no required env vars while SKILL.md and code rely on an AMAP_WEBSERVICE_KEY for nearby-search and navigation. Also README and scripts expect 'npm install' (package.json/package-lock present) though the registry listed no install spec — mismatch between claimed 'instruction-only / no install' and actual code dependencies.
Instruction Scope
Runtime instructions ask the agent to create/read/write user-profile.json and to read/write under restaurants/ (generator can write SKILL.md and YAML). It also tells the agent to run vendor/amap-lbs-skill Node/Python scripts (which will call external AMap APIs) if an AMAP key is provided. Those file and network operations are coherent with the purpose, but they grant filesystem write capability and network access to an external map API — the user should be aware.
Install Mechanism
Registry lists no install spec, but repository includes package.json and package-lock and README instructs 'npm install' and running scripts. Installing will fetch npm dependencies (lockfile points to npm registry mirror URLs) and use the bundled local 'vendor/amap-lbs-skill'. There are no suspicious arbitrary download URLs in the files shown, but running npm install will pull standard packages from the registry — consider running in an isolated environment or reviewing package-lock before install.
Credentials
The skill requires (per SKILL.md) AMAP_WEBSERVICE_KEY to enable /eat-discover and /eat-navigate, yet the registry metadata lists no required env vars. No other credentials are requested. The omission of AMAP_WEBSERVICE_KEY in the declared requirements is an incoherence that could mislead users about external API usage.
Persistence & Privilege
The skill is not force-enabled (always:false) and uses the platform-default autonomous invocation. It will, if used as instructed, create and update local files (user-profile.json, restaurants/*) and the README suggests auto-registering scheduled reminders (cron/claude schedule/OpenClaw). That behavior is expected for this kind of skill but it does modify local files and may be set up to run periodically — confirm and control any scheduled tasks.
What to consider before installing
This Skill appears to do what it says (help pick food, search nearby using AMap, and generate restaurant Skill files), but there are a few mismatches you should be aware of before installing:

- SKILL.md and the code use an AMAP_WEBSERVICE_KEY (Gaode/AMap) for nearby search/navigation, but the registry metadata lists no required env vars. If you provide a key it will be used for network calls; if you don't, those features degrade to local-only behavior. Only provide API keys you control and review their permissions/quota.
- The package contains package.json/package-lock and README instructs running 'npm install' and some scripts (node schedule/nudge.mjs, vendor scripts). Installing will fetch npm packages from the registry; inspect package-lock and vendor/amap-lbs-skill before running in a production environment. Consider installing in an isolated environment (container/VM) if you are unsure.
- The Skill will read/write local files: it stores user-profile.json and can write restaurants/{slug}/SKILL.md via the generator. If you don't want files written into your environment, avoid running generator scripts or automated install hooks.
- Scheduled reminders are described as 'auto-enabled' on install in the docs; verify what your agent/platform actually does (OpenClaw, Claude schedule, crontab examples). Don't allow the skill to register system-wide cron jobs unless you review the commands.
- If you plan to use /eat-discover or /eat-navigate, review the vendor/amap-lbs-skill code (JavaScript plus a Python helper) to confirm network behavior and to ensure it only calls the expected AMap endpoints.

Recommendation: if you want this functionality, run it in a controlled environment, review package-lock and vendor code, supply only a dedicated AMAP key, and verify any scheduled task registration steps manually. The inconsistencies in declared requirements (missing AMAP env var and lack of install spec) make this skill 'suspicious' but not clearly malicious.
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.
- vendor/amap-lbs-skill/scripts/route-planning.js:174: Shell command execution detected (child_process).
- vendor/amap-lbs-skill/index.js:59: Environment variable access combined with network send.
- vendor/amap-lbs-skill/index.js:14: File read combined with network send (possible exfiltration).
