Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
XGJK BP Audit
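v3.5.0
Comprehensive audit tool for the BP goal system. It audits a BP across five areas: basic compliance audit, upward alignment audit, downward cascade audit, GAP difference analysis, and numeric alignment audit. It covers dimensions including structural completeness, content quality, logical consistency, alignment correctness, cascade coverage, metric definitions and calculation methods, and identification of differences between upper and lower levels. Data query capability is built in. Use it when the user needs a systematic audit and diagnosis of the BP goal system.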
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill claims to query/update a BP Open-API service (expected). However the package metadata declares no required environment variables or primary credential while the shipped script (scripts/bp-audit/bp_api.py) requires BP_OPEN_API_APP_KEY and uses a hardcoded default production base URL. The included docs (common/auth.md) mention a different env var name (XG_BIZ_API_KEY) and auth priorities, creating ambiguity about which secret is actually required. The mismatch between declared requirements (none) and actual needs (API key) is disproportionate and incoherent.
Instruction Scope
SKILL.md instructs the agent to run the bundled CLI script to perform read and controlled write operations (add_key_result, add_action). That scope is consistent with an audit tool. But there are several instruction/code inconsistencies: SKILL.md examples reference executing python3 .cursor/skills-v3/bp-audit/scripts/... while the repository contains scripts/bp-audit/bp_api.py (path mismatch). Authentication guidance (common/auth.md) names a different env var than the script uses. The instructions allow write actions only on explicit user request, which is reasonable, but because writes are supported the instruction set must clearly declare and require the API credential and describe safe confirmation prompts — that is missing or inconsistent.
Install Mechanism
No install spec / no external downloads. The skill is instruction + a local Python script; no installers or remote fetches were found. This lowers supply-chain risk. However, the script depends on the 'requests' Python package; the skill does not declare runtime dependency metadata (e.g., a requirements.txt).
Credentials
The script requires an API key (BP_OPEN_API_APP_KEY) to call a production API, but the skill's registry metadata lists no required env vars and no primary credential. Additionally, documentation files reference a different env var (XG_BIZ_API_KEY) and also mention an appKey header in prose. The skill should have clearly declared a single primary credential in metadata; the current state is inconsistent and risks silent failures or accidental use of the wrong secret. Because the API key grants access to potentially sensitive organizational BP data (and can be used for writes), this omission is material.
Persistence & Privilege
always:false (good). disable-model-invocation is false (normal). The skill can perform autonomous calls and supports write endpoints — this raises the blast radius if the agent is allowed to call skills autonomously and if the appKey is present in the environment. While not inherently a privilege escalation, it does increase risk when combined with the env/metadata inconsistencies. There is no evidence the skill modifies other skills or system-wide agent settings.
What to consider before installing
Key things to check before installing or enabling this skill:
- Credentials: The bundled script expects an API key (BP_OPEN_API_APP_KEY) but the skill metadata declares no required env vars; docs also mention XG_BIZ_API_KEY. Confirm which env var the deployer must set, and ensure the skill metadata/registry is updated to declare that primary credential before installation.
- Endpoint and scope: The script defaults to a production base URL (https://sg-al-cwork-web.mediportal.com.cn/open-api). Verify that this is the intended backend for your environment. If you want to test safely, point BP_OPEN_API_BASE_URL to a non-production test endpoint.
- Write operations: The CLI supports add_key_result and add_action (POST). Ensure you only allow the skill to perform writes after explicit user confirmation. Prefer disabling autonomous invocation for this skill or require an explicit confirmation interaction when a write action is requested.
- Path and runtime consistency: SKILL.md example call paths ('.cursor/skills-v3/...') do not match the actual script location ('scripts/bp-audit/bp_api.py'). Update documentation or the path used by the agent so runtime commands won't fail or cause accidental full-tree searches.
- Dependencies: The script uses the Python requests library but the package doesn't declare dependencies. Ensure the runtime has required Python libraries or add a requirements file to the skill manifest.
- Least privilege: Provide the skill with an API key that has only the minimal permissions needed (prefer read-only for audits unless user explicitly requests a write), and rotate/revoke keys used for testing.
- Code review: If you rely on this skill in a sensitive environment, review the full bp_api.py script for any hidden endpoints, logging of sensitive headers, or unexpected network destinations. Although no obfuscated code was found, the source is from an unknown origin — confirm provenance with the publisher if possible.
If you cannot confirm or correct the above (declare primary credential, fix env-var name mismatch, update paths, and ensure explicit user confirmation on writes), treat this skill as suspicious and avoid granting it access to production credentials or enabling autonomous invocation.
Like a lobster shell, security has layers — review code before you run it.
Runtime requirements
🎯 Clawdis
