Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

iflow-nb

v1.0.0

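iflow knowledge base assistant (iflow knowledge base). Supports knowledge base management, file upload/URL import, content generation, and web search with import into the knowledge base. When the user mentions knowledge bases, reference libraries, bookmarking articles, saving links, uploading files, importing web pages, generating reports, generating PPTs, generating podcasts, generating mind maps, generating videos, sharing a knowledge base, checking generation progress, searching for papers and organizing them, looking up literature and generating a report, deep research, searching...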

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The name/description (iflow knowledge-base assistant: create/manage KBs, upload files, import URLs, search, generate reports/PPTs/etc.) aligns with the included Python pipelines and API calls to an iflow backend. The declared primary credential IFLOW_API_KEY matches the code's use (Authorization Bearer). No unrelated cloud credentials or unrelated binaries are requested. The code reads credentials from IFLOW_API_KEY or ~/.config/iflow-nb/api_key and optionally IFLOW_BASE_URL, which is consistent with a configurable API client.
! Instruction Scope
SKILL.md prescribes very broad trigger rules (trigger when many user intents mention saving, summarizing, any note-taking, even small personal records). The code defaults to using entire knowledge-bases when the user doesn't specify files, does fuzzy KB matching (may select the wrong KB), and can import arbitrary external URLs (downloading remote report markdown and uploading it). Those behaviors are coherent with the feature set but are broad and could cause the agent to read/upload/aggregate many files or external content without clear, per-action user confirmation.
Install Mechanism
This is instruction + code only (no install spec). All code ships in the skill bundle and there are no downloads or archive extraction steps. The scripts use standard libraries (requests) but no package installation mechanism is defined in the manifest. No external URLs or installers are pulled at install-time.
Credentials
Only IFLOW_API_KEY is declared as the primary credential, which matches API calls. The code also accepts an optional IFLOW_BASE_URL and will read the config file at ~/.config/iflow-nb/api_key if env var absent — this means the skill will access a file in the user's home directory to obtain credentials. The declared env usage is proportional, but IFLOW_BASE_URL lets the target endpoint be changed; if set to a malicious host, credentials would be sent there.
! Persistence & Privilege
The skill metadata sets always: true, meaning it will be force-included in every agent run. Given the broad trigger rules and actions that can import, upload, generate, share, and delete content (including batch-delete endpoints), this elevated presence increases risk of unintended or background actions. Autonomous invocation itself is normal for skills, but always:true combined with the other broad behaviors is disproportionate and worth flagging.
What to consider before installing
This skill appears to implement an iflow knowledge-base client and needs only your IFLOW_API_KEY (stored in env or ~/.config/iflow-nb/api_key). However, two things to watch before installing: (1) the skill is marked always:true and its SKILL.md tells the agent to trigger for many casual intents (even short notes). That combination can cause the skill to run more often than you expect and to act on entire knowledge-bases by default (the scripts default to using all files if you don't specify). (2) IFLOW_BASE_URL is honored by the code — if overridden it could direct your API key to a non-official endpoint. Recommended precautions: only install if you trust the skill source; prefer providing a scoped API key (limited permissions) or a key you can revoke; consider removing or disabling always:true so it doesn't auto-run on unrelated queries; review the pipeline scripts (they perform downloads and uploads and can delete files) and test in a restricted environment first. If you need higher confidence, ask the publisher to justify always:true and to narrow trigger conditions and defaults (explicit confirm before using all files, explicit KB selection, safe defaults for sharing/deleting).

Like a lobster shell, security has layers — review code before you run it.

latest: vk972th91qkxx5mg2ycq6tmmmqh8456nf

Runtime requirements

📓 Clawdis
Primary env: IFLOW_API_KEY