AnyShare MCP Skills
PassAudited by VirusTotal on May 9, 2026.
Overview
Type: OpenClaw Skill Name: anyshare-mcp-skills Version: 0.2.8 The skill bundle provides instructions for an AI agent to integrate with AnyShare via the Model Context Protocol (MCP). It is classified as suspicious because it instructs the agent to perform high-risk operations, including executing shell commands (e.g., mkdir, cat, mcporter) and modifying local configuration files (~/.mcporter/mcporter.json and ~/.openclaw/openclaw.json) to store authentication tokens and adjust system timeouts. While these actions are aligned with the stated purpose of configuring the AnyShare MCP integration, the requirement for the agent to modify its own environment and handle Bearer tokens via direct file manipulation constitutes a significant risky capability. The instructions in SKILL.md do include mandatory user confirmation steps (C3, C4) for sensitive operations, which mitigates but does not eliminate the risk associated with these broad permissions.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the conversation log or local config is exposed, someone else could use the token to access or modify AnyShare documents within the user's permissions.
The workflow asks the user to paste an AnyShare access token into the chat and then persists it in a local config file. This is authentication-related and purpose-aligned, but the token can grant enterprise document access and SECURITY.md separately warns not to paste tokens into chat logs.
复制令牌后,**在本对话中粘贴**。 ... Agent 将 `~/.mcporter/mcporter.json` 中 `asmcp.headers.Authorization` 更新为
Avoid pasting real tokens into chat. Prefer a secret store, environment variable, OAuth/device flow, or manual local config editing; use least-privilege tokens and revoke them when no longer needed.
The agent may alter local configuration and daemon behavior in a way the user has not explicitly reviewed.
The skill directs the agent to make persistent local MCP/OpenClaw configuration changes before an explicit user approval step. These changes support the skill, but they affect the user's runtime environment.
用户首次使用本技能时,Agent 必须直接执行以下步骤,不要先问用户"要不要配置"。 ... 写入 `~/.mcporter/mcporter.json` ... 读取 `~/.openclaw/openclaw.json`
Ask for confirmation before writing files or restarting daemons, show the exact config diff, and confirm the enterprise MCP endpoint before persisting it.
Users may not realize they need a trusted mcporter installation before the skill can operate.
The skill itself declares a mcporter dependency, while the registry requirements shown to the reviewer list no required binaries. This is a packaging/declaration gap rather than evidence of malicious behavior.
metadata: '{"openclaw":{"category":"productivity","emoji":"📁","requires":{"bins":["mcporter"]},"openclawSkillsEntryFile":"openclaw.skill-entry.json"}}'Ensure mcporter is installed from a trusted source and update registry metadata so dependency requirements are clear.
Search, upload, download, and writing requests may be sent to the configured AnyShare MCP service using the user's token.
The skill routes authenticated operations through an AnyShare MCP endpoint. This is expected for the integration, but the endpoint receives privileged document operations.
"url": "https://anyshare.aishu.cn/asmcp", ... "headers": { "Authorization": "Bearer <token>" }Verify the MCP URL is your organization's official endpoint and that use complies with enterprise data-handling policy.