Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
JumpServer Skills
v1.1.0
JumpServer V4.10 query and analysis skill. Use when users ask to query assets/accounts/users/organizations/permissions, inspect access or governance, audit logins/sessions...
⭐ 0 · 117 · 0 current · 0 all-time
by 老广 (@ibuler)
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
Name and description say this is a read-only JumpServer query/analysis skill, and that matches the scripts present (jms_query.py, jms_diagnose.py, jms_report.py), which call the JumpServer API. However, the registry metadata claims 'Required env vars: none' and 'Primary credential: none', while the code and README clearly expect JMS_API_URL plus either JMS_ACCESS_KEY_ID/JMS_ACCESS_KEY_SECRET or JMS_USERNAME/JMS_PASSWORD (and optional JMS_ORG_ID/JMS_VERIFY_TLS). The declared requirements therefore do not match what the skill actually needs in order to run.
Instruction Scope
SKILL.md prescribes running the bundled Python entrypoints and explicitly allows the runtime to write local configuration (config-write --confirm and select-org --confirm) while forbidding business write operations. That instruction set is mostly scoped to JumpServer queries and report generation. It does, however, allow creating or overwriting a local .env and persisting the selected org context, which are side effects on the host filesystem beyond purely read-only API calls. The instructions direct API calls only to the JumpServer base URL (via the client), not to unexpected external endpoints.
Install Mechanism
There is no explicit install spec, but scripts/jumpserver_api/jms_bootstrap.py contains logic to detect missing Python packages and runs pip install -r requirements.txt automatically at runtime (via subprocess.run). When triggered, that performs a network install from PyPI, a non-trivial install action that no published install spec discloses, so the dependency set is resolved on the user's host at run time rather than at review time. requirements.txt itself is small (requests, tzdata, backports.zoneinfo), but automatic runtime installation is an implicit install mechanism users should be aware of.
Credentials
The skill requires sensitive JumpServer credentials and a base URL to function (access key/secret or username/password), loads them from the environment, and can write those values into a local .env. The registry metadata's failure to declare these env vars is a mismatch. Also, JMS_VERIFY_TLS defaults to false per the docs, so TLS certificate verification is off unless the user overrides it; with verification disabled, the credentials and session data sent to the JumpServer URL can be intercepted by anyone positioned on the network path. Requesting these credentials is proportionate for a JumpServer client, but the mismatch between declared and actual required env vars and the default-to-insecure TLS setting are concerning and should be addressed before use.
Persistence & Privilege
The skill persists local configuration (.env) and can persist a selected organization (select-org --confirm). The registry field always is false, and the skill does not request system-wide privileges. Persisting .env and the org selection is documented as allowed behavior, so users should expect persistent local configuration files, including one that can hold credentials, as a consequence of using the skill.
What to consider before installing
This skill contains a full Python client and multiple entrypoint scripts and appears to be a legitimate JumpServer query/reporting tool, but the package metadata is inconsistent with the code: the skill needs your JumpServer URL and credentials (AK/SK or username/password), can create or overwrite a local .env file, persists organization context, and may automatically pip-install required Python packages at runtime. Before installing or running it:
1. Do not provide high-privilege or long-lived credentials; prefer scoped or test credentials.
2. Inspect the write paths (write_local_env_config and select-org) and run the skill in an isolated environment or container.
3. If you require strict TLS, set JMS_VERIFY_TLS=true explicitly; the docs say the default is false.
4. Prefer installing the dependencies yourself rather than allowing automatic pip installs, or review jms_bootstrap.py to understand exactly what it runs.
5. Ask the publisher to update the registry metadata to declare the required env vars and primary credential so the package declaration matches the actual runtime requirements.
If the metadata is corrected and you run it in an isolated environment with limited credentials, the skill's behavior is coherent with its stated purpose.
Like a lobster shell, security has layers — review code before you run it.
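The checks in steps 2 to 5 above, and the findings in the Install Mechanism and Credentials sections, can be mechanised before the skill is ever executed. The script below is an added example, not code from this skill, from ClawHub or from OpenClaw: it walks a downloaded skill directory and reports runtime pip installs, local file writes, TLS verification defaults, and every environment variable the code reads that the registry metadata did not declare (here, an empty declared set, since the registry says "none"). The two embedded sample sources are constructed stand-ins that mimic the behaviour the scan describes; they are not the real jms_bootstrap.py or client code. The parse_verify_tls helper shows the hardened reading of JMS_VERIFY_TLS (verification on unless explicitly disabled), the opposite of the default the docs describe.

```python
"""Pre-install triage of a downloaded skill directory.

Added example; not code from the skill, ClawHub or OpenClaw. The sample
sources below are CONSTRUCTED to resemble the behaviour the scan describes.
"""
import re
import sys
from pathlib import Path
from typing import Dict, List, Optional, Set

# Constructed: a bootstrap that installs dependencies at runtime.
SAMPLE_BOOTSTRAP = '''
import subprocess, sys
try:
    import requests
except ImportError:
    subprocess.run([sys.executable, "-m", "pip", "install",
                    "-r", "requirements.txt"], check=True)
'''

# Constructed: a client that reads credentials from the environment,
# defaults TLS verification to off, and writes a local .env file.
SAMPLE_CLIENT = '''
import os, requests
BASE = os.environ["JMS_API_URL"]
AK = os.getenv("JMS_ACCESS_KEY_ID")
SK = os.getenv("JMS_ACCESS_KEY_SECRET")
VERIFY = os.getenv("JMS_VERIFY_TLS", "false").lower() == "true"

def write_local_env_config(path=".env"):
    with open(path, "w") as f:
        f.write("JMS_API_URL=" + BASE)

def get(path):
    return requests.get(BASE + path, verify=VERIFY)
'''

# Matches os.environ["X"], os.environ.get("X", ...) and os.getenv("X", ...)
ENV_READ = re.compile(
    r"""os\.(?:environ(?:\.get)?|getenv)\s*[\[(]\s*['"]([A-Z0-9_]+)['"]""")

RULES: Dict[str, "re.Pattern[str]"] = {
    # subprocess.<call>( ... pip ... install ... )
    "runtime_pip_install": re.compile(r"subprocess\.\w+\([^)]*pip[^)]*install"),
    # open(..., "w" / "a" / "wb" / "w+"): any local file write, .env included
    "env_file_write": re.compile(r"""open\([^)]*['"][wa]b?\+?['"]"""),
    # verify=False passed straight to requests
    "tls_verify_disabled": re.compile(r"verify\s*=\s*False"),
    # JMS_VERIFY_TLS read with an insecure default ("false", "0", "no")
    "insecure_tls_default": re.compile(
        r"""JMS_VERIFY_TLS['"]\s*,\s*['"](?:false|0|no)['"]""", re.I),
}


def scan_source(text: str) -> List[str]:
    """Names of RULES that match anywhere in one source file."""
    return sorted(name for name, pat in RULES.items() if pat.search(text))


def env_vars_read(text: str) -> Set[str]:
    """Environment variable names the source reads."""
    return set(ENV_READ.findall(text))


def triage(sources: Dict[str, str], declared: Set[str]) -> Dict[str, object]:
    """Per-file rule hits plus env vars read but missing from the declared set."""
    findings = {name: hits for name, text in sources.items()
                if (hits := scan_source(text))}
    actual: Set[str] = set()
    for text in sources.values():
        actual |= env_vars_read(text)
    return {"findings": findings, "undeclared_env_vars": sorted(actual - declared)}


def triage_directory(root: Path, declared: Set[str]) -> Dict[str, object]:
    """Run triage over every .py file under a downloaded skill directory."""
    sources = {str(p.relative_to(root)): p.read_text(errors="replace")
               for p in root.rglob("*.py")}
    return triage(sources, declared)


def parse_verify_tls(raw: Optional[str]) -> bool:
    """Hardened reading of JMS_VERIFY_TLS: verification stays on unless explicitly disabled."""
    if raw is None:
        return True
    return raw.strip().lower() not in {"0", "false", "no", "off"}


if __name__ == "__main__":
    # The registry declared no env vars, so compare against an empty set.
    if len(sys.argv) > 1:
        print(triage_directory(Path(sys.argv[1]), declared=set()))
    else:
        print(triage({"bootstrap.py": SAMPLE_BOOTSTRAP,
                      "client.py": SAMPLE_CLIENT}, declared=set()))
```

Run it as `python triage.py path/to/unzipped-skill` and diff the undeclared_env_vars list against the registry's "Required env vars" field; any non-empty difference is the same metadata mismatch the scan reports. The rules are deliberately crude regexes meant to point a reviewer at lines to read, not to replace reading jms_bootstrap.py and the write_local_env_config path by hand.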
latest: vk9701zb07pg0rfqa625t76tmw183w4ec
