ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Sif Keyword Traffic

v1.0.0

亚马逊商品的关键词流量来源分析,涵盖自然搜索、SP广告、品牌广告和推荐位。当用户提到关键词流量结构、流量来源拆解、自然流量与付费流量比例、SP广告曝光、品牌广告占比、搜索展示分析、Amazon's Choice或编辑推荐曝光、关键词竞争格局、ASIN流量构成、keyword traffic, traffic st...

0· 29·0 current·0 all-time
by@linkfox-ai
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
high confidence
Purpose & Capability
The skill's name, description, SKILL.md, reference doc and Python script consistently implement Amazon keyword-traffic analysis via the LinkFox tool-gateway API — the requested capability (calling an external traffic-summary API) is coherent with the stated purpose.
Instruction Scope
Runtime instructions and the bundled script only build and POST a JSON request to the documented LinkFox endpoint and print the response; they do not read arbitrary local files or access unrelated system state. All parameters are limited to intended query fields (keyword, country, filters, pagination).
Install Mechanism
No install spec or remote downloads are used; the skill is instruction-only with a small helper script. Nothing is written to disk by an installer step beyond the provided script.
!
Credentials
The Python script and references/api.md require an API key from the environment variable LINKFOXAGENT_API_KEY and instruct the user how to set it, but the skill registry metadata lists no required environment variables or primary credential. This omission is an inconsistency: the key is proportionate to the skill's purpose, but it is not declared in the manifest and therefore could be overlooked by users or automated permission reviews.
Persistence & Privilege
The skill does not request elevated or persistent platform privileges. always:false and normal model invocation are used. The skill does not attempt to modify other skills or system configuration.
What to consider before installing
This skill appears to implement Amazon keyword-traffic analysis and will call an external API at tool-gateway.linkfox.com. Before installing: (1) verify you trust the LinkFox domains and the provider; (2) expect to supply an API key via LINKFOXAGENT_API_KEY — the manifest incorrectly omits this requirement, so do not assume no credentials are needed; (3) ensure the API key you provide has limited scope and is stored securely; (4) review network traffic policies if you have restrictions on external calls; and (5) if you need higher assurance, ask the publisher to update the registry metadata to declare LINKFOXAGENT_API_KEY and provide a clear privacy/security statement.

Like a lobster shell, security has layers — review code before you run it.

latestvk97f01q44pe8tjamj5nabjw1m1843jqa

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments