Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
AK Data Daily Timeout Report
v1.0.0Unified daily timeout entry for AK Data single job type: task timeout + crawler timeout + comparison + drill-down examples with log request.
⭐ 0· 48·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
high confidencePurpose & Capability
The SKILL.md and MIGRATION.md describe a unified entry that orchestrates several Python reporting scripts and reads job/log data, which is coherent with the name. However, the actual skill bundle does NOT include the referenced Python scripts (scripts/data/run_*.py) and the registry metadata declares no environment variables or credentials — yet MIGRATION.md explicitly requires DB credentials and config. The declared requirements do not match the actual capabilities/dependencies.
Instruction Scope
Runtime instructions (run.sh and SKILL.md) tell the agent to execute Python reporting scripts, read produced JSON, and optionally return raw 'request' payloads from logs. Those actions require access to project files, DB credentials (.env), and underlying scripts that are missing from the bundle. The SKILL.md also instructs including potentially sensitive fields (request, req_ssn) in outputs; that expands the data surface.
Install Mechanism
There is no install spec (instruction-only + run.sh), which is low risk in itself. But MIGRATION.md says the pack needs to be bundled and notes Python 3.10+ and pip dependency 'pymysql'. Those runtime deps are not declared in metadata. The run.sh execs python3 scripts located outside the skill folder (ROOT_DIR/scripts/...), so the packaged skill as provided is unusable without copying extra files.
Credentials
Registry metadata lists no required env vars, but MIGRATION.md demands DB credentials (ANKER_JOB_DB_HOST/PORT/USER/PASSWORD/NAME/CHARSET) and a configs file. Requesting full DB credentials is proportionate to the task if the scripts are present, but it's not declared up front — this mismatch is risky. The skill also expects to surface raw 'request' payloads which may contain sensitive PII; that needs explicit handling and justification.
Persistence & Privilege
The skill does not request always:true and contains no install procedure that writes persistent agents-level configuration. run.sh simply execs Python scripts; there is no evidence it modifies other skills or system-wide settings.
What to consider before installing
Do not install or run this skill as-is in a production environment. Key points to check before using: 1) The bundle is incomplete — ask the publisher for the referenced scripts (scripts/data/run_*.py) and the packaging bundle; the SKILL.md/MIGRATION.md assume those exist. 2) Confirm exactly which environment variables and configuration files are required (the MIGRATION.md lists ANKER_JOB_DB_* variables and a configs JSON) and ensure the skill metadata is updated to declare them. 3) Inspect the missing Python scripts for any network I/O or exfiltration code (outbound requests, sockets, uploads) before providing DB credentials. 4) If you must run it, use a dedicated read-only DB account limited to the minimal tables and fields needed, run in an isolated environment, and avoid including production secrets in a shared .env. 5) If the skill will return 'request' payloads, ensure you understand and redact any sensitive data. If the publisher/source is unknown or cannot provide the full scripts and a security review, treat this package as unsafe to run.Like a lobster shell, security has layers — review code before you run it.
latestvk97c5915sqy51c7qwx4w0ymgdx84ccm8
License
MIT-0
Free to use, modify, and redistribute. No attribution required.