Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Zrise Connect Release

v3.3.1

Connect and operate Zrise tasks via XML-RPC API using Lobster workflows for approval-based task execution and result writeback.

by Khoa (@khoabd)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (high confidence)
!
Purpose & Capability
SKILL.md and the skill description state the integration must operate via Lobster workflows (approval-based writeback). However, multiple docs and scripts (docs/AGENT_TO_AGENT.md, docs/SIMPLE_WORKFLOW_GUIDE.md, workflow_manager_ui.py snippets) explicitly recommend or implement bypassing Lobster and spawning agents directly (subprocess calling 'openclaw agent ...'), which would give agents broad ability to fetch, execute, spawn subagents, and write back results. That behavior contradicts the stated purpose of strict Lobster-mediated, approval-gated execution.
!
Instruction Scope
SKILL.md itself is narrow and prescriptive (use lobster run ... and wait for approvals). But other runtime instructions and code examples in the repo instruct the system to: (a) modify the UI to POST /api/sessions/{task_id}/trigger and spawn agents directly, (b) let agents 'decide' to spawn subagents and auto-writeback to Zrise, and (c) send approval requests via chat channels. These broader instructions allow automated actions and data writeback that go beyond the conservative approval flow claimed in SKILL.md.
Install Mechanism
There is no formal install spec, but SKILL.md shows a recommended Lobster install via git clone from GitHub and npm install/tsc (https://github.com/openclaw/lobster.git) and linking a binary into ~/bin. That is a traceable GitHub source (not a random URL) but requires running npm install and compiling TypeScript — a moderate installation step that will produce code on disk. No arbitrary remote binaries or obscure URLs were detected.
!
Credentials
The registry metadata claims no required env vars/credentials, yet README/docs enumerate and assume multiple sensitive settings (ZRISE_URL, ZRISE_DB, ZRISE_USERNAME, ZRISE_API_KEY, GEMINI_API_KEY, Telegram bot tokens, OpenClaw config entries). This mismatch is important: the skill will not function without Zrise credentials and possibly messaging/model API keys, so asking for no env vars in the manifest is inconsistent and understates required sensitive access.
!
Persistence & Privilege
always:false (good), but the codebase includes UI/server modifications and subprocess spawns that call 'openclaw agent' and may write state (state/ and config/ files). If deployed with default autonomous invocation, the agent-to-agent patterns in the repo would let spawned agents autonomously perform network operations and writebacks. The combination of autonomous agents and documented code that bypasses approval gates increases potential blast radius and should be treated cautiously.
What to consider before installing
This skill bundle is internally inconsistent: SKILL.md insists on an approval-based Lobster workflow, but other docs and code promote bypassing Lobster and spawning agents directly (including subprocess calls to 'openclaw agent') and expect Zrise, Telegram, and AI provider credentials. Before installing:
1) Inspect invoke_agent_for_task.py, workflow_manager_ui.py, and any code that spawns subprocesses or calls 'openclaw agent' to confirm whether it will bypass approvals or auto-writeback to Zrise.
2) Treat ZRISE_API_KEY, Telegram bot tokens, and model API keys as sensitive — do not provide them until you verify the code path that uses them.
3) Run in an isolated/test environment (not production) and with least-privilege credentials.
4) If you need strict approval gates, reject or remove the agent-to-agent direct-spawn code and enforce the Lobster workflows referenced in SKILL.md.
5) Consider asking the publisher for a clear statement of which workflow mode is authoritative (Lobster-only vs agent-to-agent) and for a minimal manifest that lists the required env vars.

Like a lobster shell, security has layers — review code before you run it.

latestvk97cacg12d0kmrbfpncc9f7wms83fx4d
