Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

xyq

v1.0.2

AI image/video creation tool. Use it when the user needs to generate or edit images or videos, or to look up related creations. Trigger keywords: pippit、小云雀、xiaoyunque、xyq、生图、生视频

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan

VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)

Purpose & Capability (flagged)
The skill claims to be an AI image/video creation tool, and the documented API endpoints (pippit/xyq) align with that purpose. However, the registry metadata declares no required credentials or binaries, while the SKILL.md explicitly requires the user to provide browser cookies (sid_tt or sessionid_pippitcn_web), saved to a local xyq.config.json, so the agent can authenticate. The provided script also implicitly requires python3 or uuidgen to run, yet the declared list of required binaries is empty. These mismatches between declared requirements and actual needs are concerning.
Instruction Scope (flagged)
The SKILL.md instructs the agent to (a) ask the user to export browser cookies via devtools and paste them into chat, (b) save those cookies into a local xyq.config.json file, and (c) use those cookies to call internal CMS and API endpoints. Asking users to copy/paste authentication cookies into a chat and storing them is beyond the narrow scope of a simple generation helper and constitutes collection of sensitive credentials. The instructions also direct spawning subagents to poll generation threads and to create/modify the local config file.
Install Mechanism
No install spec; the skill is instruction-only plus a small helper shell script. The script is straightforward and will be executed locally; there is no network download or external install of code. This is a lower install risk, but execution requires local shell/python capabilities.
Credentials (flagged)
Rather than using declared environment variables or documented API keys, the skill requires sensitive session cookies (sid_tt or sessionid_pippitcn_web) derived from the user's browser. Those cookies are not listed in registry requirements. Requesting users to paste cookies into chat and storing them in a local file is disproportionate and risky because cookies are equivalent to session tokens and grant access to the user's account on the referenced services.
Persistence & Privilege
The skill writes a local config file (xyq.config.json) in its own directory to persist cookies and user/workspace ids; this is limited, local persistence, and 'always' is false. It does not request system-wide privileges or modify other skills. Autonomous invocation and subagent spawning are allowed by default but are not elevated here; still, they increase the blast radius if credentials are present.
What to consider before installing
This skill will ask you to copy browser session cookies (sid_tt or sessionid_pippitcn_web) and paste them so it can call pippit/xyq APIs, then store those cookies in a local xyq.config.json. Do not paste session cookies into chat unless you fully trust the skill and understand that those cookies grant access to your account on the target service. Consider these options before installing or using the skill:

- Prefer a skill that uses documented API keys with explicit manifest declarations instead of asking for browser cookies in chat. Ask the author to add declared credential requirements to the registry metadata.
- If you must use this skill, do so in an isolated test account (not your primary account) and in an isolated environment/VM so leaked cookies have limited impact.
- Confirm you are comfortable with the skill writing xyq.config.json to the skill directory and how long it will retain credentials. Delete the file and revoke the session on the service when finished.
- Note the helper script requires python3 or uuidgen even though the registry lists no binaries; ensure those are available in a safe environment before running.

If you are not willing to share session cookies or run code that writes persistent credentials, do not install or use this skill.


latest: vk97esa43kpt7h556244c5bjzmh83e5f4

