Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

leesen86-news

v1.0.0

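Crypto news-flash fetching and filtering skill. Use when you need to: (1) pull news-flash data from BlockBeats, (2) filter multiple items by keyword, (3) output JSON with HTML tags stripped and timestamps formatted, for downstream automated processing.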

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The core new.js fetcher matches the skill description (pulls from BlockBeats, filters keywords, strips HTML, formats timestamps, prints JSON). However the package also includes push-news.js and send-feishu.js which implement automatic push to a local Gateway (Feishu) using embedded credentials; that extends the skill beyond a pure data-source and may be surprising to users.
Instruction Scope
The SKILL.md instructs only running new.js to produce JSON, but the repository contains additional runtime scripts (push-news.js, send-feishu.js) that the README does not explicitly advertise as present or dangerous. Those scripts call new.js via child_process.execSync, send HTTP requests to http://127.0.0.1:18789, and write/modify .sent-news.json — side effects that are not described in the usage instructions and could run if a user invokes the push scripts.
Install Mechanism
There is no install spec (instruction-only style). All files are included in the skill bundle; no external download/install actions occur during installation. The bundle contains a standard ws dependency in node_modules, which is unnecessary for the fetch-only script but not itself hostile.
Credentials
The skill declares no required environment variables, but push-news.js and send-feishu.js embed a bearer token (GATEWAY_TOKEN) and fixed gateway URL (http://127.0.0.1:18789) and account/target identifiers. Hard-coded credentials in distributed code are sensitive and disproportionate: they grant access to a local gateway API and should not be assumed safe. Ideally such tokens are provided by the user via environment/config.
Persistence & Privilege
The skill does not request always:true and does not modify other skills or system-wide settings. It creates and updates a local cache file (.sent-news.json) in its directory to track sent items, which is expected behavior for a push script.
What to consider before installing
This skill's new.js matches the advertised purpose and is safe to inspect/run for fetching/formatting BlockBeats news. However: (1) review push-news.js and send-feishu.js before running — they contain a hard-coded local gateway URL and bearer token that will POST messages to http://127.0.0.1:18789 and could interact with your local OpenClaw gateway or similar service; (2) if you only want the fetcher, run new.js directly and ignore/remove the push scripts; (3) prefer replacing embedded tokens with environment variables or removing them entirely if you don't intend to use the push feature; (4) check .sent-news.json (the script will write/update it) and back it up if needed; (5) consider removing the included node_modules or auditing dependencies (ws) if you have strict supply-chain policies. If you want a firmer classification (benign vs malicious), provide the intended deployment environment for the gateway endpoint and whether the embedded token is known/trusted.
push-news.js:43
Shell command execution detected (child_process).
push-news.js:19
File read combined with network send (possible exfiltration).
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.

Like a lobster shell, security has layers — review code before you run it.
