fangcloud_ai
SuspiciousAudited by ClawScan on May 10, 2026.
Overview
The Fangcloud integration is plausible, but it needs review because it downloads and runs opaque binaries, uses high-privilege Fangcloud tokens, and includes real-looking bearer tokens in its API reference.
Install only if you trust the publisher and release binaries. Before use, remove or revoke any exposed tokens, verify the downloaded binary with a trusted checksum/signature, avoid setting an admin token unless strictly needed, and require explicit confirmation before uploads, shares, collaboration invites, overwrites, deletes, or admin API calls.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing or using the skill may run an opaque binary that can access Fangcloud tokens and modify cloud files.
The skill downloads a platform-specific executable from a remote release URL at runtime. The supplied artifacts do not show pinned checksums or reviewable CLI source for the downloaded binary, and `BASE_URL` can be overridden.
BASE_URL="${BASE_URL:-https://app.fangcloud.com/sync/vv25/knowclaw/release}" ... curl -fL "${zip_url}" -o "${tmp_zip}" ... cp "${extracted_bin}" "${bin_target}"Only use binaries from a trusted publisher, require checksum/signature verification, include the CLI source or reproducible build provenance, and make binary download an explicit user-approved step.
A downloaded executable can run before the user has separately inspected or approved it.
On Linux, the download script validates a freshly downloaded binary by executing it with `--help`, causing remote code execution as part of the download/health-check flow.
"${bin_path}" --help >/dev/null 2>&1 ... if ! validate_binary "${extracted_bin}"; thenSeparate download from execution, verify integrity before any run, and ask the user for explicit confirmation before executing a newly downloaded binary.
If any embedded token is valid, someone could potentially use it to access or change Fangcloud data.
The reference documentation contains real-looking bearer tokens instead of placeholders. Even if they are test tokens, publishing token-shaped secrets is not needed for the skill purpose and may expose account access if valid.
--header 'Authorization: Bearer 583fad43-3265-45df-9e13-91fa5a22a2ca'
Remove all hardcoded tokens from the reference file, replace them with `<TOKEN>`, revoke any exposed tokens, and scan repository history for additional credential leakage.
The agent may gain broader Fangcloud account or enterprise authority than the registry metadata suggests.
The skill reads local user and admin Fangcloud tokens, but the registry metadata declares no env vars or primary credential. Admin-token use is high privilege and is not clearly scoped to a narrow allowlist.
Skill 自动从环境变量获取 Token: - `FANGCLOUD_ADMIN_TOKEN`: 用于 URL 中包含 `admin` 的企业级接口。 - `FANGCLOUD_USER_TOKEN`: 用于普通用户级接口。
Declare required credentials in metadata, document token scopes, avoid providing admin tokens unless necessary, and require explicit approval before any admin or enterprise-level operation.
A mistaken or manipulated agent action could call the wrong Fangcloud endpoint, share data, invite collaborators, overwrite uploads, or change cloud files.
The CLI exposes a raw method/URL/data API command rather than only narrow task-specific commands. With Fangcloud tokens, that can enable high-impact file, sharing, collaboration, or admin operations without clearly documented global approval rules.
此 Skill 允许通过亿方云开放平台 API 执行各类操作。 ... `fangcloud api <METHOD> <URL或相对路径> [DATA_JSON]`
Use allowlisted commands for common workflows, default to dry-run for mutations, and require explicit user confirmation for delete, overwrite, share-link, collaboration, upload, and admin operations.