Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

skills-monitor

v1.0.0

AI Skills one-stop monitoring and evaluation platform: 7-factor evaluation engine, cross-model benchmarking, centralized Dashboard, smart recommendations

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The SKILL.md and code implement a full monitoring/dashboard/benchmark server that can run other skills, collect their results, generate reports, push to WeCom/webhook, and upload data to a central server. However the registry metadata/requirements claim no env vars or credentials are needed. In reality the code references enterprise WeCom credentials (WECOM_* env vars), NGROK token, and uses keyring for storing generated API keys. The manifest omitting these required runtime configuration items is an inconsistency.
Instruction Scope
Runtime instructions include starting a server, running arbitrary installed skills (run <skill-slug>), scheduled automatic diagnostics, and 'upload --server' which sends evaluation data to an external URL. Running this skill means it will execute other skills (via adapters/runners) and record their inputs/outputs and diagnostics — behavior consistent with its purpose but broad: it can collect and transmit aggregated and per-run data about other skills.
Install Mechanism
There is no remote download install spec in the registry (instruction-only), but the package contains many code files and deploy scripts (deploy/setup_ssh_key.sh, deploy/pack_and_upload.sh, deploy/deploy.sh). Those scripts can create SSH keys and upload artifacts to remote servers — they are present on-disk and could be executed by an administrator; review them before running. No installer pulls arbitrary binaries from untrusted URLs in the provided files list.
Credentials
Registry claims no required environment variables, but code reads multiple env vars (WECOM_CORP_ID, WECOM_AGENT_ID, WECOM_SECRET, WECOM_CALLBACK_TOKEN, WECOM_CALLBACK_AES_KEY, NGROK_AUTH_TOKEN, etc.). The code also embeds a webhook URL with a hard-coded key and supports 'upload --server' to arbitrary servers. Requesting (or using) these credentials is plausible for the declared WeCom integration, but the manifest not declaring them and the inclusion of a hard-coded webhook key are red flags for transparency and proportionality.
Persistence & Privilege
The skill is not always:true and does not autonomously force-install, which is good. However it runs servers, writes reports/logs to the project and home config (~/.skills_monitor), uses keyring (OS keychain) to store API keys, and includes deploy scripts that may create SSH keys and push code. Combined with its ability to execute other installed skills and upload data externally, this grants a significant operational footprint if enabled; ensure you understand and restrict its network exposure and scheduled tasks.
What to consider before installing
What to check before installing or running this skill:

- Metadata mismatch: The registry lists no required env vars, but the code expects WECOM_* variables (enterprise WeCom credentials), NGROK token, and uses keyring. Do not assume 'no credentials required' — inspect and set these intentionally.
- Review external endpoints: The code can push reports via a hard-coded WEBHOOK_URL and supports uploading data to arbitrary servers (upload --server). Verify the webhook target is one you control and understand where 'upload' will send data. Consider running in offline/mock mode first.
- Inspect deploy scripts: deploy/setup_ssh_key.sh and deploy/pack_and_upload.sh exist and can create SSH keys / push artifacts. Do not run those scripts unless you trust the destination and have reviewed their contents.
- Data collection scope: This tool is designed to run other Skills and collect inputs/outputs and metrics. If you install it, it will have access to whatever skills it runs and their I/O. Limit its permissions, run in a sandbox, or restrict the skills directory if you are concerned about sensitive data being captured.
- WeCom configuration: ALLOWED_USERS defaults to allow-all (empty list means no restriction). If you enable the WeCom callbacks/server, set ALLOWED_USERS properly and validate CALLBACK tokens. Also replace or confirm any hard-coded webhook keys.
- Network exposure: Running 'server' or the web dashboard exposes endpoints (PWA, callbacks). Avoid binding to public interfaces or use firewall / localhost-only binding until configured securely.
- Review adapters/uploader: Audit adapters (clawhub_client, DataUploader, skill_registry, runners) to see what external services are called and what data they transmit. If you plan to use 'live' benchmarking (real API calls) check how API keys are handled.
- Source verification: The skill.json references a GitHub repo. If you need higher confidence, fetch and compare the upstream repository, confirm author identity, and check for recent commits/issues.

Summary recommendation: treat this package as a powerful tool that legitimately needs broader permissions, but the manifest underreports them and the distributed files include scripts that can change system state or transmit data. If you decide to install, run it first in an isolated environment (VM/container) and audit/replace webhook keys and deploy scripts before enabling networked features.
