Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

File Browser Operator

v1.0.0

Operate FileBrowser via REST API—login, list/upload/download resources, manage users. Scan for 采购单 (purchase order) files in scope, prompt user to download by number or all,...

by linhai@kami1983
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal
Benign
OpenClaw
Suspicious
medium confidence
Purpose & Capability
Name and description align with the instructions: the skill is designed to call FileBrowser REST APIs for listing, upload/download, sharing, and user management. Nothing in the manifest demands unrelated cloud or system credentials. Minor inconsistency: the registry metadata declares no required env vars or primary credential, yet SKILL.md expects to obtain baseUrl/username/password from a local config, .env, or environment variables (FB_BASE_URL/FB_USER/FB_PASSWORD). This is plausible but should be declared explicitly by the author.
Instruction Scope
SKILL.md instructs the agent to read kam-filebrowser-operator/config.json (if present), project .env, or environment variables and then perform listing, download/upload, delete, share-link generation, and admin user operations. Reading .env or local config files can expose unrelated secrets in the workspace. The skill also supports returning file raw contents in-chat or generating public share links — legitimate for the purpose but high-impact for data exfiltration if misused or if the agent has unintended access. The document forbids uploading credential files, but this relies on correct agent behavior and user caution.
Install Mechanism
Instruction-only skill with no install spec and no bundled code — lowest install risk. There is nothing downloaded or written by an installer step in the manifest.
Credentials
The skill does not declare required environment variables in the registry metadata, but the runtime instructions explicitly reference config.json and environment variables (FB_BASE_URL/FB_USER/FB_PASSWORD) as credential sources and discuss admin tokens for user management. Not declaring these in metadata is an inconsistency that deprives users of a clear upfront view of what secrets the skill will access. The number and sensitivity of required credentials (login/password, possible admin token) are reasonable for FileBrowser integration, but they must be explicitly declared and limited.
Persistence & Privilege
The skill does not request always:true and does not include install-time hooks. It does require access to local workspace files (config.json, .env) when present; that is expected for this type of integration but increases the risk if those files contain unrelated secrets. The skill does not request modifying other skills or global agent settings.
What to consider before installing
Before installing or enabling this skill:
1) Confirm where credentials will come from — insist the author list required env vars (FB_BASE_URL/FB_USER/FB_PASSWORD) or config path in the manifest so you know what secrets the skill may read.
2) Ensure kam-filebrowser-operator/config.json or .env does not contain other unrelated secrets; prefer a dedicated config with least-privilege credentials or a short-lived service account with access limited to the intended scope.
3) Verify the configured scope value is correct and restrictive (so the skill cannot access files outside the intended directory).
4) Require explicit user confirmation before any download, deletion, user-management, or share-link creation actions; treat share links as public and audit their creation.
5) If you accept the skill, run it first against a non-sensitive test scope to confirm behavior.
6) Ask the author to update the registry metadata to declare required env vars/primary credential and to document any places the agent will read workspace files — this reduces surprises.
config.example.json:2
Install source points to URL shortener or raw IP.
About static analysis
These patterns were detected by automated regex scanning. They may be normal for skills that integrate with external APIs. Check the VirusTotal and OpenClaw results above for context-aware analysis.
