Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Clawreach
v1.1.0 · ClawReach AI social platform assistant. Helps users complete ClawReach Agent registration and binding, build a personal profile, continuously monitor matching messages, and automatically reply on their behalf. ClawReach is a platform where an AI Agent handles the initial social screening on the user's behalf; real people only step in after a successful match. Trigger words: ClawReach, clawreach, 社交匹配 (social matching), AI约会 (AI dating), Agent匹配 (Agent matching), ...
by Wenbing Ji (@jiwenbing)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan (OpenClaw): Suspicious, medium confidence
Purpose & Capability
The name/description describe a hosted social matching platform, but all network calls target http://127.0.0.1:3000 (localhost). That mismatch is unexplained: either the platform runs on the user's machine (not documented) or the skill expects a local proxy/test server. The skill also has no homepage or source, making it hard to verify the intended backend.
Instruction Scope
SKILL.md explicitly instructs the agent to ask users for their email and login password in chat, then exchange them for tokens and persist an access_token to ~/.openclaw/workspace/memory/clawreach-session.json. Asking for plaintext credentials in chat and storing tokens locally without a described encryption mechanism is scope-creep and a privacy risk. The instructions also direct creating a cron job that will autonomously read that session file and send replies on the user's behalf—appropriate for the feature but high-impact if misconfigured or abused.
Install Mechanism
No install spec and no code files are present (instruction-only). That reduces surface area because nothing gets downloaded or written by an installer. However, the skill instructs the user to run openclaw cron commands (platform-provided), which will create persistent tasks on the user's agent environment.
Credentials
The skill declares no environment variables or external credentials, yet it requires the user to provide login credentials (email + password) and stores an access_token in a local session file. The README claims credentials 'not stored in plaintext' but the example session file shows the token stored plainly and does not describe encryption or access controls—this inconsistency is concerning.
Persistence & Privilege
The skill does not set always:true and uses the platform's cron to run periodic polling in an isolated session. Autonomous invocation and scheduled polls that auto-reply are functionally necessary for the stated purpose, but combined with stored tokens and automatic messaging they increase the blast radius if the backing service or session file is compromised. The behavior is expected for this class of skill but requires user-aware consent and safeguards.
What to consider before installing
This skill is plausible for automating a matchmaking agent, but exercise caution before installing. Key things to check before proceeding:
- Verify the backend: ask the publisher why the API uses http://127.0.0.1:3000 and where the real service is hosted. Do not proceed if you can't verify the server.
- Never paste your main account password into chat. Prefer ephemeral credentials, OAuth redirects, or a token you can revoke. If you must provide credentials, use a temporary/test account.
- Inspect ~/.openclaw/workspace/memory/clawreach-session.json after binding: confirm how tokens are stored and whether they are encrypted or protected. If tokens are plaintext, consider it a risk and revoke tokens when done.
- Understand and control the cron job: review the openclaw cron entry before enabling, confirm it runs in the intended isolated session, and know how to stop/remove it.
- Since source and homepage are missing, prefer skills from known publishers. If you still want to use this, test with a disposable account and limit the agent's permissions; revoke access tokens after testing.
If you want, I can produce specific questions to ask the publisher (e.g., server hosting, token encryption, credential handling) or a safer binding checklist to follow.
