suspicious.exposed_secret_literal
- Location: references/openapi.md:332
- Finding: File appears to expose a hardcoded API secret or token.
Advisory
Audited by static analysis on May 10, 2026.
Detected: suspicious.exposed_secret_literal
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing or using the skill may run an opaque binary that can access Fangcloud tokens and modify cloud files.
The skill downloads a platform-specific executable from a remote release URL at runtime. The supplied artifacts do not show pinned checksums or reviewable CLI source for the downloaded binary, and `BASE_URL` can be overridden.
BASE_URL="${BASE_URL:-https://app.fangcloud.com/sync/vv25/knowclaw/release}" ... curl -fL "${zip_url}" -o "${tmp_zip}" ... cp "${extracted_bin}" "${bin_target}"
Only use binaries from a trusted publisher, require checksum/signature verification, include the CLI source or reproducible build provenance, and make binary download an explicit user-approved step.
A downloaded executable can run before the user has separately inspected or approved it.
On Linux, the download script validates a freshly downloaded binary by executing it with `--help`, causing remote code execution as part of the download/health-check flow.
"${bin_path}" --help >/dev/null 2>&1 ... if ! validate_binary "${extracted_bin}"; then
Separate download from execution, verify integrity before any run, and ask the user for explicit confirmation before executing a newly downloaded binary.
If any embedded token is valid, anyone holding it could use it to access or change Fangcloud data.
The reference documentation contains real-looking bearer tokens instead of placeholders. Even if they are test tokens, publishing token-shaped secrets is not needed for the skill purpose and may expose account access if valid.
--header 'Authorization: Bearer 583fad43-3265-45df-9e13-91fa5a22a2ca'
Remove all hardcoded tokens from the reference file, replace them with `<TOKEN>`, revoke any exposed tokens, and scan repository history for additional credential leakage.
The agent may gain broader Fangcloud account or enterprise authority than the registry metadata suggests.
The skill reads local user and admin Fangcloud tokens, but the registry metadata declares no env vars or primary credential. Admin-token use is high privilege and is not clearly scoped to a narrow allowlist.
The skill reads tokens automatically from environment variables: - `FANGCLOUD_ADMIN_TOKEN`: used for enterprise-level endpoints whose URL contains `admin`. - `FANGCLOUD_USER_TOKEN`: used for ordinary user-level endpoints.
Declare required credentials in metadata, document token scopes, avoid providing admin tokens unless necessary, and require explicit approval before any admin or enterprise-level operation.
A mistaken or manipulated agent action could call the wrong Fangcloud endpoint, share data, invite collaborators, overwrite uploads, or change cloud files.
The CLI exposes a raw method/URL/data API command rather than only narrow task-specific commands. With Fangcloud tokens, that can enable high-impact file, sharing, collaboration, or admin operations without clearly documented global approval rules.
This skill allows performing various operations through the Fangcloud Open Platform API. ... `fangcloud api <METHOD> <URL或相对路径> [DATA_JSON]`
Use allowlisted commands for common workflows, default to dry-run for mutations, and require explicit user confirmation for delete, overwrite, share-link, collaboration, upload, and admin operations.