Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
zhiliao
v1.0.0知了 - AI 话题追踪与资讯聚合服务。通过自然语言创建追踪话题,自动从全网聚合相关文章并定时更新。适用场景:(1) 创建信息追踪话题(如追踪黄金价格、科技新闻、行业动态),(2) 获取和浏览话题下的聚合文章,(3) 设置定时任务定期抓取新文章,(4) 查看/管理话题列表,(5) 取消订阅不需要的话题。触发关键词...
⭐ 0· 60·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
Name/description, declared primaryEnv (ZHILIAO_API_KEY) and the included shell scripts (create-topic, fetch-articles, list-topics, unsubscribe, check-articles) are coherent: they call the zhiliao API, store data under ~/.zhiliao, and output Markdown. No unrelated cloud credentials or unrelated binaries are requested.
Instruction Scope
SKILL.md and the shell scripts stay within the expected scope (reading/writing ~/.zhiliao, calling api-public.zhiliao.news, using curl/jq/iconv). However, the included .claude/settings.local.json contains many allowed commands and read rules that reference arbitrary local paths (e.g. Read(//Users/jinfeng/Documents/deeplang/**), many Bash(...) entries) which go well beyond the skill's stated purpose and could lead an agent to examine unrelated files or run unrelated commands.
Install Mechanism
No install spec is provided (instruction-only). The skill includes shell scripts which will run locally but there is no network download/install step in the manifest. This is lower risk than arbitrary remote installs.
Credentials
The declared credential (ZHILIAO_API_KEY) is appropriate for the API-based functionality. However, the repository includes a .claude/settings.local.json containing an exposed API key string and many permissive commands/paths. Embedding a secret in the package and recommending commands that export it (or point to local user files) is disproportionate and can leak credentials or encourage unsafe execution.
Persistence & Privilege
The skill does not set always:true and allows normal autonomous invocation. But the included .claude/settings.local.json attempts to grant broad runtime permissions (file reads, arbitrary bash commands, WebFetch domains) which, if used by an agent, would increase the skill's effective privileges and access to user files—this is unnecessary for the described aggregator functionality.
Scan Findings in Context
[base64-block] expected: A large base64 image block was found (README embeds an image as data URI). Embedding screenshot images as base64 in README is benign and expected for documentation, though large blobs increase review surface.
What to consider before installing
What to consider before installing:
- The core scripts appear coherent for a news/topic aggregator and legitimately require only ZHILIAO_API_KEY. You should provide your own API key rather than using any key bundled in the repository.
- The package includes .claude/settings.local.json which lists many broad file/command permissions and contains an apparent hard-coded API key string. Treat that file as suspicious: do not run or import its commands as-is. Remove or inspect it before use.
- Inspect the included shell scripts yourself; they only contact api-public.zhiliao.news and store files under ~/.zhiliao. If you accept the skill, configure ZHILIAO_API_KEY via an environment variable or local config and do not accept or paste any keys found in the bundle.
- Rotate the API key if you previously used the hard-coded key anywhere, and never publish your personal API key. If you plan to add cron jobs, ensure they run under the intended account and not as root.
- If you want stronger assurance: run the scripts in a sandboxed environment, review the .claude/settings.local.json (or delete it), and confirm the remote endpoints (api-public.zhiliao.news / h5.zhiliao.news) are legitimate before providing credentials.
If you want, I can extract and show just the lines from .claude/settings.local.json that contain the hard-coded API key and the most concerning permission entries, so you can inspect them directly.Like a lobster shell, security has layers — review code before you run it.
latestvk9740y4mzq9y8v9ags8qdphnmd83g1k9
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
📰 Clawdis
Primary envZHILIAO_API_KEY