ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

阿里云的联网搜索

v1.0.1

阿里云信息查询服务(IQS)UnifiedSearch API联网搜索

2· 382·1 current·1 all-time
by@lilisidu1210-ui
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description, required binary (node), and required env var (ALI_IQS_API_KEY) align with using Aliyun IQS UnifiedSearch; the scripts only call the documented endpoint and parse results.
Instruction Scope
SKILL.md tells the agent to run the included Node scripts. The scripts only read ALI_IQS_API_KEY (from environment or a local .env), send the query to https://cloud-iqs.aliyuncs.com/search/unified, filter results, and print JSON—no unrelated file reads, network destinations, or broad data collection.
Install Mechanism
This is instruction-only with bundled scripts and no install spec; it requires node to be present. No external downloads or archive extraction are performed.
Credentials
Only ALI_IQS_API_KEY is required (declared as primary). The scripts optionally read a local .env for convenience, which is consistent with the README but not excessive.
Persistence & Privilege
always is false, no system-wide configuration changes are attempted, and the skill does not modify other skills or request persistent elevated privileges.
Assessment
This skill appears coherent and only needs your Aliyun IQS API key. Before installing: ensure the ALI_IQS_API_KEY you provide has only the necessary IQS permissions and quota limits; prefer setting the key as an environment variable rather than placing it in a shared .env file; avoid sending sensitive secrets or private data as search queries since they will be transmitted to Aliyun; verify you trust the skill source (owner ID is unfamiliar) and consider rotating the key if you later remove the skill or suspect misuse.
scripts/debug-search.mjs:9
Environment variable access combined with network send.
scripts/search.mjs:9
Environment variable access combined with network send.
!
scripts/debug-search.mjs:16
File read combined with network send (possible exfiltration).
!
scripts/search.mjs:16
File read combined with network send (possible exfiltration).
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

🔍 Clawdis
Binsnode
EnvALI_IQS_API_KEY
Primary envALI_IQS_API_KEY
latestvk974y7zcmbyzk6dcgpw1ag6rp182vdn5
382downloads
2stars
2versions
Updated 5h ago
v1.0.1
MIT-0
@lilisidu1210-ui
latest
Download

阿里云IQS搜索

使用阿里云信息查询服务(Intelligent Query Service, IQS)的UnifiedSearch API进行联网搜索。

配置要求

需要 ALI_IQS_API_KEY 环境变量,从阿里云IQS控制台获取。

搜索

node {baseDir}/scripts/search.mjs "query"

API详情

  • 端点: https://cloud-iqs.aliyuncs.com/search/unified
  • 认证: Bearer Token
  • 返回结果包含标题、链接、主要内容和重排序分数
  • 自动过滤分数低于0.5的结果

特性

  • 基于阿里云IQS UnifiedSearch
  • 支持重排序和内容提取
  • 返回结构化搜索结果
  • 自动质量过滤

Comments

Loading comments...