Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
hubstudio
v1.0.0
HubStudio OpenAPI skill for full endpoint lookup, request/response field explanation, and parameter constraint checking. Use when querying HubStudio API inte...
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidence
Purpose & Capability
Name/description match what is present: generated OpenAPI commands, a CLI (hubstudio.js), full reference, and Playwright automation examples. Required binaries/env vars are minimal and proportional (optional HUBSTUDIO_BASE_URL/HUBSTUDIO_AUTH_TOKEN). Nothing requested is unrelated to HubStudio automation.
Instruction Scope
SKILL.md instructs the agent/user to call the local HubStudio API (default http://127.0.0.1:6873), start/stop environments, retrieve debuggingPort and connect via Playwright to automate web pages (e.g., baidu.com) and to write reports/summaries. These actions are within the stated purpose, but the skill (and included scripts) will actively navigate external websites and extract page content and will create local report files — which is expected but worth noting from a privacy perspective.
Install Mechanism
No automatic install spec is included (instruction-only install). package.json lists Playwright as an optional dependency you would install manually; using the public npm registry is normal. No opaque downloads or extraction from arbitrary URLs are present.
Credentials
The skill does not require secrets by default. It documents optional HUBSTUDIO_BASE_URL and HUBSTUDIO_AUTH_TOKEN environment variables which are reasonable. One oddity: generated default request bodies include unusual keys like '01KAJX...'/similar hex-like keys in defaultBody values — these look like placeholder or instrumented keys and are not documented in SKILL.md; their presence is unusual but not necessarily malicious. The skill does call endpoints that can return ADB credentials or execute shell commands on cloud phones (e.g., /api/v1/cloud-mobile/exe-command and list-adb), which are powerful but coherent with HubStudio functionality.
Persistence & Privilege
always is false and the skill does not request persistent platform privileges. It writes local report and summary files (node_test_all_report.json, summary files) and may create or suggest symlinks when installing into the OpenClaw workspace — these are expected for a local automation skill and don't indicate overbroad privileges.
Assessment
This skill appears to be what it says: a local HubStudio OpenAPI helper plus Playwright automation examples. Before installing, verify you actually run HubStudio locally and trust that local service. Be aware the skill exercises powerful endpoints (e.g., execute shell on cloud phones, retrieve ADB connection/password info) — if an untrusted agent or user invokes those, those endpoints could be abused. Review the included files (hubstudio.js, commands.generated.json, openapi.yaml, and the Playwright demo) yourself, especially the defaultBody entries that contain odd hex-like keys, and don't set a HUBSTUDIO_AUTH_TOKEN globally unless necessary. Only run npm install/playwright from trusted networks/registries and consider running the demo in an isolated account or VM if you're cautious. If you need more assurance, request the upstream source (homepage/repo) or ask the publisher for explanation of the unusual defaultBody keys and for explicit documentation of required auth fields.
playwright_hubstudio_baidu_demo.js:11
Shell command execution detected (child_process).
hubstudio.js:8
Environment variable access combined with network send.
commands.generated.json:2
Install source points to URL shortener or raw IP.
hubstudio.js:7
File read combined with network send (possible exfiltration).
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.
Like a lobster shell, security has layers — review code before you run it.
