ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Eudic Openapi Skills Local

v1.0.0

调用欧路词典及法语、德语、西语助手OpenAPI,管理生词本、笔记和进行英语语音评分功能。

0· 48·0 current·0 all-time
bykai@ink-kai·duplicate of @lulu-trans/eudic-openapi-skills
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description match the SKILL.md: all examples are curl calls to Eudic/OpenAPI endpoints for study lists, notes, and voice evaluation. The capabilities requested in the instructions are consistent with the stated purpose.
Instruction Scope
Instructions are concrete cURL examples targeting https://api.frdic.com and require an 'Authorization: NIS {token}' header. The SKILL.md does not instruct the agent to read unrelated files, secrets, or system paths, nor to call external endpoints outside the documented API.
Install Mechanism
This is an instruction-only skill with no install spec and no code files — nothing will be written to disk or installed by the skill itself.
!
Credentials
The runtime examples require an API token ('NIS {token}') for authorization, but the registry metadata lists no required environment variables or primary credential. That mismatch means the skill's metadata does not declare the secret it actually needs; you should confirm how the agent will obtain/store the token and avoid supplying unrelated credentials. Also note voice evaluation uploads audio to the remote API (privacy consideration).
Persistence & Privilege
The skill is not always-enabled and does not request persistent system privileges or modify other skills. It is user-invocable and allows autonomous invocation (platform default) — no additional privileged flags are set.
What to consider before installing
This skill appears to be what it says — it provides cURL examples for the Eudic/OpenAPI endpoints — but there is an important metadata mismatch: the SKILL.md requires an API token ('NIS {token}') while the skill metadata declares no required environment variable or credential. Before installing or enabling this skill: 1) Confirm how you will provide the API token to the agent (do not paste it publicly). 2) Verify the token source and legitimacy of the domains (my.eudic.net and api.frdic.com) and that you trust them with any audio you upload for voice scoring. 3) Do not supply unrelated credentials (AWS keys, platform tokens, etc.). 4) If you want the agent to store the token, check where and how it will be stored (platform secret store vs. plain text). If the publisher can provide updated metadata declaring the API token as a required credential (primaryEnv), that would resolve the main inconsistency.

Like a lobster shell, security has layers — review code before you run it.

latestvk978fxhfyjrw8n9xfsbvnmmwkd83zdq8

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments