Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Hiking Tracker

v1.0.0

Hiking tracking - route logging, elevation analysis, safety reminders

Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The described functionality (route logging, elevation, safety, weather) is coherent for a 'Hiking Tracker'. However the SKILL.md expects a 'clawhub' CLI to be present and the README implies installing via 'npx clawhub@latest', yet the registry metadata lists no required binaries while _meta.json claims 'curl' is required—these mismatches mean the skill's runtime requirements are unclear.
Instruction Scope
SKILL.md only instructs running 'clawhub hike ...' commands (no explicit file reads or extra env access). That scope is narrow, but the instructions are vague about what those commands do (they may send trail names/locations to external services). The agent would need to invoke an external CLI not provided by the skill, which is an operational gap to verify.
Install Mechanism
There is no formal install spec in the registry entry, but README suggests installing via 'npx clawhub@latest install hiking-tracker' (which would pull code from npm). This discrepancy (no install declared vs. README guidance) is risky because it asks users to fetch and run a package from the network without providing a trusted homepage or source.
Credentials
The skill declares no required env vars or credentials (good). Yet _meta.json lists 'curl' as a required binary while registry metadata lists none—an inconsistent manifest. There are no explicit requests for sensitive credentials, but the lack of provenance for network calls remains a concern.
Persistence & Privilege
The skill does not request always: true and is user-invocable only. There is no indication it modifies other skills or requires persistent elevated presence.
What to consider before installing
This skill appears to be a simple hiking helper, but the package metadata and docs don't match. Before installing or running anything:
(1) verify the provenance: ask the publisher for a homepage or repository and inspect the actual code for 'clawhub';
(2) do not run the suggested 'npx clawhub@latest' install until you confirm the package identity and trustworthiness;
(3) confirm which CLI/binaries are actually required (clawhub vs curl) and where network calls go (what weather/safety endpoints receive trail/location data);
(4) if you must test, do so in a sandboxed environment or container and monitor outgoing network traffic;
(5) if unsure, request a version with a clear install spec and source code before use.

Like a lobster shell, security has layers — review code before you run it.

latest vk97e46t8rx7hzyc3va3kv9x3hh85bxvq
32 downloads
0 stars
1 version
Updated 15h ago
v1.0.0
MIT-0

Hiking Tracker

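A hiking tracking tool that records your hiking trips.

Features

  • ✅ Route logging
  • ✅ Elevation analysis
  • ✅ Safety reminders
  • ✅ Weather alerts
  • ✅ Statistics reports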

Usage

# Log a hike
clawhub hike log --trail "华山" --distance 10 --elevation 1000

# Elevation analysis
clawhub hike elevation --trail "华山"

# Safety reminders
clawhub hike safety --trail "华山"

# Weather alerts
clawhub hike weather --trail "华山"

Pricing

Version       Price     Features
Free          ¥0        Basic logging
Pro           ¥39       All features
Subscription  ¥9/month  Pro + offline maps
