Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
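Medical literature PPT generation skill
v1.0.0 · A skill that automatically generates a PPTX presentation file from a specified medical research paper. Use it when the user provides a single paper's title, PMID, DOI, InfoX-Med literature id, or other information that uniquely identifies the paper: first use the InfoX-Med search skills to locate the target paper precisely, then read the full text and the original figures and tables, and finally generate the PPTX selectively, following the basic-research presentation outline. Applicable to requests such as "based on this paper, generate a presentation PP...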
by @jukiss1
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
high confidence
Purpose & Capability
The skill's name and description (generate PPTX from medical papers via InfoX‑Med) align with the code: the scripts perform search, fetch full text/figures, extract captions, and render PPTX. However the package metadata declares no required env vars or credentials even though the code expects INFOX_MED_TOKEN and an API base. This omission is an incoherence that reduces trust: the skill legitimately needs an InfoX‑Med token but metadata does not declare it.
Instruction Scope
SKILL.md explicitly instructs network retrieval via InfoX‑Med and to read internal reference files — that matches the code. But the runtime instructions and scripts access environment variables (INFOX_MED_TOKEN, optionally INFOX_MED_API_BASE) and call external HTTP endpoints to fetch full text and images. The skill also contains logic to attempt to normalize/derive tokens from INFOX_MED_TOKEN (token parsing/guesses). The instructions do not declare or warn about sending paper content or extracted images to these external endpoints, which is a scope and transparency issue.
Install Mechanism
There is no install spec (instruction + local scripts only). Nothing is downloaded or executed from arbitrary external installers during install. That is the lowest install risk. The risk arises at runtime due to network calls from provided scripts, not from installation.
Credentials
The code expects and uses INFOX_MED_TOKEN and an API base (INFOX_MED_API_BASE). The skill metadata declares no required env vars — mismatch. Additionally, medical_search.py embeds a literal default API_TOKEN value in source, and fetch_fullpaper.py defaults API_BASE to an IP address (http://60.205.166.229:9306). Hard-coded credentials and an IP-default are unexpected and disproportionate: they can leak credentials or route requests to a possibly untrusted host. The scripts will transmit paper identifiers and request full text/figures over the network, so the token and target host determine where potentially sensitive content is sent.
Persistence & Privilege
The skill is not set to always:true and does not appear to alter other skills' configs or request persistent system-wide privileges. It runs as on-demand scripts that may call external APIs; that's normal for this capability. Autonomous invocation is allowed (platform default) but not an additional red flag here by itself.
Scan Findings in Context
[hardcoded-credential] unexpected: medical_search.py contains a hard-coded default API_TOKEN string (visible in source). Embedding API tokens in code is risky and unexpected; credentials should be provided at runtime via environment variables or secure vaults.
[external-ip-default] unexpected: fetch_fullpaper.py defaults INFOX_MED_API_BASE to an IP address (http://60.205.166.229:9306). Using a raw IP as a default remote API host is unusual and increases risk (hard to verify legitimacy). The SKILL.md/homepage do not declare or justify this endpoint.
[reads_INFOX_MED_TOKEN_env] expected: The scripts expect INFOX_MED_TOKEN and will attempt to normalize/derive token candidates from it; that is functionally expected for connecting to InfoX‑Med, but the skill metadata failed to declare this required environment variable.
What to consider before installing
This skill appears to implement what it claims (search InfoX‑Med, fetch full text/figures, and render PPTX), but there are important red flags you should address before installing or running it:
- Credentials & endpoint: The code expects INFOX_MED_TOKEN and uses an API base; metadata does not declare these. medical_search.py has a hard-coded API token and fetch_fullpaper.py defaults to an IP address (60.205.166.229:9306). Treat these as suspicious: verify the token and the endpoint with the skill author or your InfoX‑Med administrator before use. Do not assume the embedded token or IP are legitimate.
- Data exfiltration risk: At runtime the scripts will send identifiers and perform network requests to external servers to retrieve full text and images. If you will process non-public or sensitive material, audit and control which network hosts are contacted and avoid sending sensitive content to untrusted endpoints.
- Operational recommendations:
  - Ask the author to remove any hard-coded tokens and declare required env vars in the skill metadata (INFOX_MED_TOKEN, optional INFOX_MED_API_BASE).
  - If you proceed, supply your own token via environment variable and override API_BASE to the official InfoX‑Med domain if provided by your organization.
  - Run the skill in an isolated environment (restricted network) first and monitor outbound connections to verify the actual endpoints used.
  - Review and, if needed, replace the default API_BASE/IP and remove embedded credentials before trusting the skill in production.
  - Prefer obtaining this skill from a verified source or require the author to publish a homepage/release notes so you can validate provenance.
Given these mismatches (undeclared env var, embedded token, IP default), treat the package as suspicious until the origin and the endpoint/credential issues are resolved.
Like a lobster shell, security has layers — review code before you run it.
latestvk97e7cdhnqtwp1txvvv2cmykgn840cxg
