Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Dietu CLI Agent

v0.1.0

Use this skill when you need to operate Dietu through its official CLI for A-share market queries, strategy screening, decision workflows, or agent automatio...

by Ken (@kenee)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Name/description and the SKILL.md align: this is an instruction-only skill for operating the Dietu CLI (market queries, screening, decision/trading workflows). The commands and usage shown are consistent with that purpose.
Instruction Scope
The SKILL.md and referenced docs explicitly instruct token usage (DIETU_ACCESS_TOKEN), base URL switching (DIETU_BASE_URL), and config dir (DIETU_CONFIG_DIR) and tell the agent to run commands such as 'dietu auth login', 'dietu schema', and various 'dietu' subcommands. However, the skill metadata did not declare any required env vars or config paths. The instructions therefore access runtime context not represented in the declared requirements, which is an incoherence worth flagging. The docs also mention password login as a legacy fallback — that could lead to prompting for credentials if misused.
Install Mechanism
Instruction-only skill with no install spec and no code files; this is low-risk from a write-to-disk perspective. The README recommends 'npm i -g @mibatt/dietu@latest' but the skill itself does not perform that install; the recommendation is reasonable for using the CLI but the source of the package is unknown in the registry metadata (homepage/source absent).
Credentials
The SKILL.md expects and references sensitive environment variables (DIETU_ACCESS_TOKEN, DIETU_BASE_URL, DIETU_PROFILE, DIETU_CONFIG_DIR, etc.) but the skill metadata lists none and declares no primary credential. Requesting or instructing use of a PAT is appropriate for a CLI helper — but the lack of declaration in metadata is an inconsistency. The skill could instruct an agent to read or use tokens that were not signaled up-front.
Persistence & Privilege
The skill sets always:false and has no install actions; it does not request a persistent/always-on presence or modifications to other skills. Autonomous invocation remains allowed (platform default) but is not combined with other high-risk flags here.
What to consider before installing
This skill appears to be a coherent Dietu CLI helper, but verify a few things before installing: (1) Ask the publisher to declare the sensitive env vars (DIETU_ACCESS_TOKEN, DIETU_BASE_URL, DIETU_CONFIG_DIR, etc.) in the skill metadata so you know what the skill expects. (2) Confirm the npm package @mibatt/dietu is the official CLI (check its repository/homepage and recent release history) before running global installs. (3) Limit where you store any PAT; prefer least-privilege tokens and CI-specific tokens rather than long-lived full-access tokens in a personal environment. (4) Be careful about DIETU_BASE_URL — an attacker-controlled base URL could redirect requests to malicious endpoints; prefer the official base URL and avoid putting secrets in env vars that may be read by other code. (5) If you will let the agent invoke this skill autonomously, consider restricting token scope or running it in an isolated environment. If the publisher cannot clarify the metadata vs. docs mismatch, treat the skill as untrusted until you can validate the CLI package and required credentials.
