Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

pushplus

v1.0.1

PushPlus (推送加) is a message push service supporting WeChat, email, SMS, WeCom (Enterprise WeChat), DingTalk, Feishu and other channels. Use cases: (1) system monitoring alert notifications; (2) scheduled task result notifications; (3) business exception alerts; (4) everyday message reminders. Use this Skill when the user needs to send push messages, configure message notifications, or query push results.

by luch@lei-mu
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Name, description, SKILL.md and included scripts all align with a PushPlus notification client (calls to pushplus.plus send/batchSend and OpenAPI). However, the registry metadata claims no required environment variables/credentials, while SKILL.md and the code require PUSHPLUS_TOKEN (and optionally PUSHPLUS_USER_TOKEN and PUSHPLUS_SECRET_KEY). That mismatch is unexpected and reduces trust in the packaging.
Instruction Scope
SKILL.md instructions and included Python code are narrowly scoped to building requests to PushPlus endpoints and to reading only the PushPlus-related environment variables. The instructions do not request reading arbitrary system files or contacting unexpected external endpoints.
Install Mechanism
This is an instruction-only skill with bundled Python scripts; there is no install spec that downloads or extracts remote artifacts. No suspicious install URLs or package installs were specified.
Credentials
The code legitimately needs PUSHPLUS_TOKEN for sending messages and optionally PUSHPLUS_USER_TOKEN and PUSHPLUS_SECRET_KEY for OpenAPI operations. But the registry metadata omits these requirements; only the SKILL.md header lists PUSHPLUS_TOKEN under credentials. The omission in the registry manifest (no required envs listed) is an incoherence and could lead to credential exposure or confusion. Requesting a secret key and user token is reasonable for OpenAPI, but they are sensitive and should be clearly declared in the skill manifest.
Persistence & Privilege
The skill does not request always:true, does not attempt to modify other skills or system-wide config, and contains no autonomous background installation steps. It will run only when invoked (or when the agent autonomously chooses to call it under the platform's normal model-invocation behavior).
What to consider before installing
This skill's code and SKILL.md implement a normal PushPlus client and only call pushplus.plus endpoints, but the registry metadata is inconsistent: it incorrectly lists no required environment variables while the SKILL.md and scripts require PUSHPLUS_TOKEN (and optionally PUSHPLUS_USER_TOKEN and PUSHPLUS_SECRET_KEY). Before installing: (1) confirm you trust the skill source (owner is unknown); (2) prefer providing only a message token (PUSHPLUS_TOKEN) rather than the more powerful PUSHPLUS_USER_TOKEN/SECRET unless you need OpenAPI features; (3) review the included scripts locally to verify endpoints and behavior (they are small and readable); (4) if you don't want the agent to call the skill autonomously with your tokens, avoid enabling autonomous invocation or do not store credentials in an agent-global environment; and (5) ask the publisher to correct the registry metadata so required env vars/credentials are declared explicitly. If you need higher assurance, run the scripts in an isolated environment or a read-only review before granting secrets.


Runtime requirements

Environment variables
PUSHPLUS_TOKEN (required): PushPlus user token / message token (used for basic push functionality)
PUSHPLUS_USER_TOKEN (optional): PushPlus user token (used for OpenAPI functionality)
PUSHPLUS_SECRET_KEY (optional): PushPlus SecretKey (used for OpenAPI functionality)