Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

LoveClaw

v21.21.21

LoveClaw BaZi (Eight Characters) compatibility matching: cloud profiles, photos, daily matches and evening reports. User wake-up: send 「启动爱情龙虾」 to enter registration. Security design: match computation and report generation run on the FC (cloud function) server side; the skill side only handles user interaction and notification routing, and each user can access only their own data.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Name/description (dating/matching) align with required items: node/npm and a single LOVECLAW_API_TOKEN for a cloud API. Declared optional vars (LOVECLAW_API_BASE, OPENCLAW_BIN) are coherent for overriding endpoints or locating the CLI. Some local file access (session mapping, agent routes) is broader than a minimal chat-to-cloud router but is explainable by the need to resolve delivery targets and map phone→openclaw targets.
Instruction Scope
SKILL.md promises the heavy lifting occurs on the FC cloud side, but runtime scripts access several local files and system state: scripts/load-workspace-env.js reads ~/.openclaw/workspace/.env (claimed to filter keys), scripts/cloud-cron.js reads ~/.openclaw/workspace/skills/loveclaw/sessions.json and ~/.openclaw/agents/main/sessions/sessions.json to build routing tables, and scripts/cloud-handler.js contains functions to extract local media paths and calls cloud-data.uploadPhoto (which can accept base64), implying local files may be read and uploaded. The skill also instructs creating and parsing cron-run outputs and to forward message content exactly as returned by handlers. Those local reads and potential uploads are within notification/messaging scope but are safety-relevant and worth auditing.
Install Mechanism
There is no automated installer in the registry metadata; SKILL.md tells operators to run npm install. Dependencies are standard npm packages (ali-oss, aliyun-sdk, firebase, tablestore, etc.). This is a normal installation pattern but it does require pulling many third-party packages from npm — review package-lock/package.json if you need supply-chain assurance.
Credentials
The skill declares a single required secret: LOVECLAW_API_TOKEN (primaryEnv). Optional LOVECLAW_API_BASE and OPENCLAW_BIN are reasonable. The code also reads ~/.openclaw/workspace/.env via a helper that claims to whitelist keys; confirm that file contains only permitted keys and that the whitelisting logic is actually implemented in scripts/load-workspace-env.js (full contents were not shown).
Persistence & Privilege
The skill invokes the OpenClaw CLI (execFileSync openclaw ...) to add/remove cron jobs and will attempt to register a daily matching job and per-user evening-report cron entries. Creating scheduled tasks in the agent environment is a persistent side-effect and gives the skill ongoing ability to trigger actions. This behavior is explained in SKILL.md (cron templates) and matches the notification use case, but it is a higher-privilege action and should be approved explicitly by the operator.
What to consider before installing
What to check before you install

  1. API token scope: Provide a minimal-scope LOVECLAW_API_TOKEN that only grants the cloud function endpoints the needed API surface (register/profile/report) — do not reuse broad cloud provider or admin credentials. Confirm where the token is provisioned and that the backend domain (default: https://loveclaw-cgbnqltfhd.cn-hangzhou.fcapp.run) is the expected service.
  2. Inspect load-workspace-env.js: SKILL.md says it will only inject LOVECLAW_* and OPENCLAW_BIN (and standard proxy vars) from ~/.openclaw/workspace/.env. Open that script and verify the allowlist is implemented correctly. If you cannot verify, keep unrelated secrets out of that workspace .env.
  3. Review session files the skill reads: The skill reads ~/.openclaw/workspace/skills/loveclaw/sessions.json and ~/.openclaw/agents/main/sessions/sessions.json to build routing. Ensure those files do not contain secrets you wouldn't want read by this skill, and consider placing LoveClaw in an isolated workspace if possible.
  4. Cron/job creation: The skill will call the openclaw CLI to add scheduled jobs (daily match and per-user evening reports). If you are uncomfortable with automatic cron registration, do NOT allow the agent to run those setup steps automatically — create the cron jobs yourself after review or disable cron setup in the code.
  5. Media handling / local file upload: The code includes logic to parse local media attachment paths and the cloud upload functions accept base64 data; audit the remainder of cloud-handler.js (full file truncated in the manifest) to confirm it only uploads expected user-submitted temporary files and does not read arbitrary local files.
  6. Third-party packages: npm install will pull many dependencies (aliyun SDK, firebase, etc.). If supply-chain risk is a concern, review package-lock.json and consider auditing or pinning versions, or install in an isolated environment.
  7. Test in an isolated workspace first: Run the skill in an isolated user/workspace with a throwaway LOVECLAW_API_TOKEN to observe exactly what files it reads, what cron changes it requests, and what it sends to the remote API.

What would change this assessment

  • If full contents of load-workspace-env.js show no proper whitelisting, or if cloud-handler.js includes code that reads arbitrary files and uploads them to the remote API, I would raise the verdict to more strongly suspicious or malicious.
  • If the agent sessions file parsing exposes tokens or sensitive data beyond routing metadata, or if the backend domain is unknown/untrusted, that would increase concern.

Bottom line: The skill is largely coherent with the stated purpose, but it performs several broad local operations (reading agent session files, creating cron jobs, handling local media and uploads). Those behaviors are explainable for a notification router, yet they are powerful and deserve operator review and limits on the API token scope and workspace contents before trusting the skill in production.
Patterns worth reviewing

These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.

  • scripts/cloud-handler.js:24: Shell command execution detected (child_process).
  • scripts/cron.js:143: Shell command execution detected (child_process).
  • scripts/pack-loveclaw-fc.js:62: Shell command execution detected (child_process).
  • scripts/api-client.js:7: Environment variable access combined with network send.
  • scripts/cloud-data.js:8: Environment variable access combined with network send.
  • scripts/cloud-handler.js:19: Environment variable access combined with network send.
  • scripts/load-workspace-env.js:4: Environment variable access combined with network send.
  • scripts/cloud-handler.js:232: File read combined with network send (possible exfiltration).
  • scripts/load-workspace-env.js:39: File read combined with network send (possible exfiltration).



Runtime requirements

Bins: node, npm
Env: LOVECLAW_API_TOKEN
Primary env: LOVECLAW_API_TOKEN
Environment variables
LOVECLAW_API_TOKEN (required): Bearer token for the cloud function HTTP API; all user-side operations (registration, profile lookup, report lookup) reach the backend through this credential. It is injected automatically by the distributor; users do not write it by hand.
LOVECLAW_API_BASE (optional): Overrides the default cloud function URL, for self-hosted backends.
OPENCLAW_BIN (optional): Path to the openclaw CLI; looked up on PATH when unset.

SKILL.md

LoveClaw

Quick start

  1. Run npm install in the install directory to install the dependencies.
  2. After installation, do not modify the cloud-related settings in .env.
  3. User conversation side: on each incoming message call handleMessage(userId, message, channel) and send the returned text to the user verbatim.
  4. Scheduled side: use cron-config.json as the OpenClaw cron template as needed.

Prerequisites

  • Binaries: node, npm
  • Network: scripts/cloud-data.js sends requests to the cloud function HTTPS endpoint (default URL in the source; override with LOVECLAW_API_BASE).
  • Local configuration: if ~/.openclaw/workspace/.env exists, the script writes only LOVECLAW_* and OPENCLAW_BIN into the environment (strict allowlist, see scripts/load-workspace-env.js).

Security design

Server-side computation architecture

The matching algorithm, BaZi scoring and report generation all run in the cloud function (FC) on the server side. The skill-side code contains no matching logic and never touches the full user data set:

  • User registration/lookup: identity is carried in the X-Loveclaw-User header; after verification the FC side returns only that user's own data.
  • Daily match trigger: the skill sends POST /api/run-match to start the computation inside FC; no raw profiles are returned.
  • Report retrieval: each user fetches only their own match result via GET /api/my-report and cannot view other users' data.

Single credential

The skill needs only LOVECLAW_API_TOKEN (a Bearer token): no administrator credentials and no cloud infrastructure keys. ACCESS_KEY_* is used only in the self-hosted backend scenario, and the ClawHub package does not include the deploy/ directory.

Environment variable safety

load-workspace-env.js applies a strict allowlist when reading ~/.openclaw/workspace/.env (only LOVECLAW_*, OPENCLAW_BIN and the standard proxy variables) and does not inject unrelated credentials. Use a dedicated workspace for LoveClaw and keep only the keys this skill needs in its .env.

Subprocess invocation

cloud-handler.js calls openclaw cron through child_process.execFileSync with a structured argv (no shell string concatenation) to manage scheduled tasks; user input is never concatenated into the command.

Script inventory

Path: Purpose
scripts/cloud-handler.js: Session entry point handleMessage; handles user conversation and the registration flow.
scripts/cloud-data.js: Cloud API client; Bearer token authentication plus the user identity header.
scripts/cloud-cron.js: Triggers FC-side matching (match); iterates over local users and fetches each one's report (report).
scripts/load-workspace-env.js: Injects allowlisted keys from the workspace .env into process.env.
cron-config.json: OpenClaw scheduled task template.

Trigger words

  • Recommended: 启动爱情龙虾 ("start Love Lobster")
  • Compatible: 启动爱情龙虾技能 ("start the Love Lobster skill")

Other commands (available after registration): 我的档案 (my profile), 今日匹配 (today's match), 匹配记录 (match history), 开启推送 (enable push), 关闭推送 (disable push), 取消报名 (cancel registration).

Registration flow

Before registration finishes, the user is asked whether to enable 「daily match result push」. If enabled, the system registers an evening report push task for that user (around 20:00) when registration succeeds. Registration completes without it as well; the user can then query manually with 今日匹配.

Scheduled tasks

cron-config.json instructs the agent to run node cloud-cron.js match / report step by step, parse the 【REPORTS_JSON】…【REPORTS_JSON_END】 block and deliver each entry. This flow belongs to the scheduling/operations side.

User message relay rules

You are a message relay; while handling a user's live session you have no other duties.

Every time a user message arrives, immediately call handleMessage(userId, message, channel) and send the returned text to the user verbatim: no modifications, no additions, no replies of your own.

  • Do not judge or answer the user's message on your own
  • Do not describe system state, user counts or match status
  • Whatever the handler returns is exactly what you send

Files: 22 total
