Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
JumpServer
v1.0.0
Use for JumpServer V4 preflight, `.env.local` initialization, org selection, and read-only asset, permission, audit, and access queries through the bundled `...
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Scanner: OpenClaw
Verdict: Suspicious (high confidence)
Purpose & Capability
The skill's name/description say it's a read-only JumpServer preflight/query helper, which matches the included scripts' behavior. However the registry metadata declares no required environment variables or primary credential while the implementation plainly expects JMS_API_URL and either AK/SK or username/password (and will persist them). The manifest omission is an incoherence: a JumpServer integration legitimately needs those env vars, so they should be declared.
Instruction Scope
SKILL.md instructs the agent to run local CLI scripts that will: collect credentials interactively, call the SDK against the JumpServer API, and write a .env.local file (including secrets) via config-write and select-org --confirm. The skill claims 'read-only' for business objects, and the code enforces query-only behavior, but the instructions and code explicitly allow writing .env.local and persisting JMS_ORG_ID (including an automatic special-case write for certain org sets). That means the skill will collect and persist sensitive credentials and perform network calls — this scope is broader than the registry metadata indicates.
Install Mechanism
There is no registry install spec, but the code includes a bootstrap helper that will detect missing Python packages from requirements.txt and (if invoked with the confirm flag) call pip to install them. The requirements file only lists jumpserver-sdk-python, and the bootstrap enforces simple requirements, so the install path is typical for Python CLI tools. Automatic pip install via subprocess is a moderate-risk action (it writes code to disk from PyPI), but it is expected for a local CLI script.
Credentials
The implementation requires JMS_API_URL and either JMS_ACCESS_KEY_ID/JMS_ACCESS_KEY_SECRET or JMS_USERNAME/JMS_PASSWORD and will write them into .env.local. None of these required credentials were declared in the skill registry metadata. Additionally, scripts disable HTTPS verification (verify=False) and suppress certificate warnings, which reduces transport security and increases risk if credentials are used against an intercepted connection.
Persistence & Privilege
The skill writes persistent configuration (.env.local) and JMS_ORG_ID into its own skill directory and reloads that config. It does not set always:true and does not modify other skills' configs. Persisting secrets to a local file is expected for this tool but is a privileged action (persisting credentials to disk); users should ensure the file's location and filesystem permissions are acceptable.
What to consider before installing
This repository appears to be a legitimate JumpServer read-only helper, but there are several things to consider before installing:
(1) The registry metadata declares no required env vars, yet the code will ask for JMS_API_URL and credentials (AK/SK or username/password) and will write them to a local .env.local; be comfortable with storing those secrets on disk in the skill directory.
(2) The runtime disables HTTPS certificate verification (verify=False), increasing MITM risk; avoid using production credentials against untrusted networks, or ask the maintainer to make verification configurable.
(3) The bootstrap can auto-install the jumpserver SDK via pip if you allow it; review and trust the PyPI package/version before confirming installs.
(4) The skill enforces read-only query behavior in code, but the agent will persist JMS_ORG_ID automatically in a special case; review that behavior if you care about persisted organization selection.
Recommended actions: inspect the scripts yourself, run them in an isolated environment or container, limit which JumpServer account/credentials you provide (use a least-privilege read-only account), and ensure .env.local is secured or not used for sensitive production credentials.
