Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Embodied Ai Weekly

v1.1.0

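Skill for automatically generating and publishing a weekly embodied AI report. Use it when the user needs a report on the week's developments in the embodied AI field. It covers the full workflow: multi-topic ArXiv paper search and curation, GitHub open-source project trend tracking, generation of a consolidated visual HTML report (with a reading guide and statistical charts), and pushing the report to a GitHub Pages repository for publication. Suited to generating an embodied AI field report on a regular weekly basis.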

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious, high confidence
!
Purpose & Capability
The skill claims to generate and publish weekly reports (ArXiv + GitHub → HTML → GitHub Pages), which is coherent with the instructions. However, the instructions assume availability of tools (Node.js/Playwright, git, ability to write a workspace and perform network requests and screenshots) but the skill declares no required binaries, env vars, or credentials. A publishing workflow that clones and pushes to a GitHub repo generally requires Git and credentials (SSH key or a token); those are not requested or documented as required. This mismatch between claimed capabilities and declared requirements is concerning.
!
Instruction Scope
SKILL.md explicitly directs the agent to: (a) fetch web pages and GitHub API endpoints (web_fetch), (b) download figures from ArXiv, (c) run Playwright to screenshot GitHub and project pages, (d) write files (images/, .md/.html), and (e) clone, commit, and push to a GitHub repository. All of those actions are within the stated purpose, but they expand the agent's operational scope beyond a pure read-only scraper: the skill will create files and push changes to a remote repository. The instructions do not document how credentials are provided, how rate limiting or API auth will be handled, or whether the agent will prompt before pushing — granting push rights implicitly is a sensitive action and should be made explicit.
Install Mechanism
There is no install spec (instruction-only), which lowers installer risk since nothing is automatically downloaded. However, SKILL.md examples reference Node.js and Playwright for screenshots and provide a Node.js snippet; the runtime therefore effectively depends on those packages being available. That dependency is not declared in the registry metadata. The lack of an install step is safe from an arbitrary-download perspective, but the skill will fail or require manual installation of tools; this mismatch is a notable usability and security gap.
!
Credentials
The skill declares no required environment variables or primary credential, yet its push workflow depends on GitHub authentication (SSH key or HTTPS token) and the GitHub API usage benefits from a GITHUB_TOKEN for rate limits. The absence of any declared credential requirement is disproportionate to the described behavior. Users must provide Git credentials (or the agent will attempt SSH), but the skill does not instruct how those credentials will be used, whether they will be stored, or whether the agent will request them interactively.
Persistence & Privilege
The skill is not set to always:true and does not request persistent installation or elevated platform-wide privileges. Autonomous model invocation is not disabled (default), which is normal. There is no evidence the skill will modify other skills or system-wide settings.
What to consider before installing
Before installing or running this skill, consider the following:
- Tooling and capabilities required: The skill expects to run web requests, download images, run Playwright (headless browser) and Node.js scripts, and use git to clone/commit/push. Confirm these tools are available in the execution environment; the skill metadata does not declare them.
- GitHub authentication: Publishing requires GitHub credentials (SSH key or HTTPS token). The skill does not request or document how credentials are supplied or stored. Only grant repository push rights if you trust the exact behavior; prefer using a dedicated repo or deploy key with limited permissions rather than your main account token.
- Review push behavior: The instructions assume the agent will update latest/index.html and archive/index.html and then push to main. Decide whether you want the agent to push automatically or require manual review/PR. If you want safer behavior, modify the workflow to create a branch and open a PR instead of pushing to main.
- Data & copyright: The skill downloads figures from ArXiv and screenshots GitHub/project pages. Ensure you have the right to redistribute images and that you comply with arXiv/GitHub content policies and any paper authors' terms.
- Rate limits and tokens: GitHub API calls may require a GITHUB_TOKEN to avoid strict rate limits; arXiv scraping may also be throttled. Confirm how the agent will handle failures and whether credentials will be used.
- If you plan to run this in a shared or hosted agent environment, confirm sandboxing and that Playwright screenshots will not capture sensitive pages. Limit the agent's network access and filesystem write scope where possible.
What would change this assessment: explicit metadata declaring required binaries (git, node, playwright), required env vars (e.g., GITHUB_TOKEN or instructions about SSH deploy keys), and a safer publish flow (branch + PR) or confirmation prompts before pushing would make the skill coherent and reduce the concerns.
