ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

aipexbase

v1.0.2

端到端应用开发。当用户需要创建Web应用、管理系统或进行Vibe Coding时使用,从需求到部署全流程独立完成。

0· 74·0 current·0 all-time
by@kuafuai
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
Requires sensitive credentials
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description (AiPexBase BaaS front-end / end-to-end app creation) aligns with requesting BAAS_BASE_URL and an admin/management token (BAAS_MANAGE_TOKEN). The primaryEnv matches the declared purpose. Minor inconsistency: guidance points users to register at https://www.codeflying.net while config.json contains baseUrl https://baas.kuafuai.net/baas-api — two different domains are referenced without explanation.
!
Instruction Scope
Runtime instructions tell the agent to read the skill's config.json and copy it into project directories (baas-config.json) and to perform fully automated new-app and iteration steps "无须向用户确认" (no confirmation). The skill explicitly instructs global environment changes (install nvm via curl|bash, npm -g install aipexbase-cli, sudo apt-get install zip). Copying a management token into project dirs and automating app creation/table creation with that token increases risk of credential exposure and unintended resource changes. The README otherwise limits user confirmation to deployment, but automated creation still happens earlier.
Install Mechanism
No formal install spec (instruction-only) — lowers static footprint. However SKILL.md instructs running external install commands: curl https://raw.githubusercontent.com/... | bash (nvm installer), npm i -g aipexbase-cli, and apt-get install zip (with sudo). These are common but carry moderate risk: piping remote scripts into shell and global npm installs can change system state and install arbitrary code if upstream is compromised.
!
Credentials
Only two env values are required (BAAS_MANAGE_TOKEN, BAAS_BASE_URL), which is consistent with a management CLI. But BAAS_MANAGE_TOKEN is described as an administrator/manage token — a high-privilege secret. The instructions encourage copying the global config containing this token into project directories (baas-config.json), which can leak the token (committed to source, uploaded, or exposed in build artifacts). The skill also uses localStorage tokens in frontend examples and custom upload headers (CODE_FLYING) that rely on API keys being embedded in client-side artifacts — this further increases exposure risk. Requesting an admin token is proportionate only if the user understands and consents to granting that level of access; the skill's automation and copying behavior makes accidental overexposure likely.
Persistence & Privilege
The skill is not always: true and does not request to modify other skills or system-wide settings. It does, however, instruct creating files under project directories (baas-config.json) and recommends copying sensitive config into per-project folders. Autonomous invocation is allowed by default (agent can act without each explicit user confirmation) — combined with the admin-level token and the skill's stated "no confirmation for app creation" policy, this increases blast radius if the skill is run autonomously.
What to consider before installing
Before installing or enabling this skill, consider the following: (1) It requires BAAS_MANAGE_TOKEN (an admin/manage credential). Provide a least-privilege key if possible — avoid giving a full admin token. (2) The skill's runtime will copy config files with that token into project folders and suggests embedding API keys in client-side code and uploads; those files can be accidentally committed or published. (3) The skill instructs global system changes (curl|bash to install nvm, npm -g install, sudo apt-get) — review and run these commands manually in a controlled environment rather than letting the agent run them unattended. (4) The skill will perform automated app/table creation without extra confirmation (deployment is the only step that explicitly requires consent) — expect it to create resources if invoked. (5) The package references multiple external domains (codeflying.net vs baas.kuafuai.net) but has no source or homepage; lack of provenance increases risk. Recommended actions: only use in an isolated test environment, avoid storing a full admin token in skill config (use scoped API keys), review all generated baas-config.json files before committing, and require explicit user confirmation for destructive or resource-creating operations. If you need higher assurance, ask the skill author for source code or an audited install package and a clear explanation of the domain/endpoint differences.

Like a lobster shell, security has layers — review code before you run it.

latestvk978yettdn5b955dvycr9qdmr184x8vv

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

EnvBAAS_MANAGE_TOKEN, BAAS_BASE_URL
Primary envBAAS_MANAGE_TOKEN

Comments