Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Financial Product Workflow
v1.0.0[何时使用]当用户需要构建金融产品工作流时;当用户说"金融产品从 0 到 1"时;当需要产品经理工作流(需求分析/产品设计/技术评审/开发跟进/测试验收/上线运营)时;当需要设计自运营产品时;当需要串联 OpenClaw + Claude Code + 开发工具时
⭐ 0· 50·0 current·0 all-time
by@lj22503
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
high confidencePurpose & Capability
The skill claims to integrate with many external tools (Jira, Confluence, GitHub, DingTalk/WeCom/Feishu, SensorsData/神策, SearXNG,墨刀/Figma, etc.) and includes example scripts for API calls, but the registry metadata declares no required env vars, no primary credential, and no install. Either the metadata is incomplete or the instructions are overstating capabilities. Requesting many third‑party tokens would be reasonable for a tool‑integration skill, but the package metadata failing to list those is an incoherence.
Instruction Scope
SKILL.md (and other docs) instruct the agent to call APIs, detect local tool configuration, and run scripts (e.g., scripts/jira-create-issue.py, confluence-create-page.py, searxng-search.py). Examples show code that would read environment variables and contact external endpoints (JIRA server, SensorsData API). The runtime instructions therefore go beyond passive document generation and expect access to credentials and network; that scope is not reflected in the declared requirements. The instructions do not appear to read unrelated system secrets, but they do depend on user credentials and scripts that are not present in the manifest.
Install Mechanism
This is instruction-only and has no install spec, which is low risk in itself. However README suggests installing OpenClaw via a curl|bash and using 'clawhub install' — those are external operations the user might perform separately. The skill references scripts (scripts/) but the manifest provided here contains only documentation files (no scripts). If those scripts are later shipped or downloaded, that would increase risk; currently no archive download/extract is declared.
Credentials
The documentation explicitly documents numerous environment variables and secrets (JIRA_SERVER, JIRA_EMAIL, JIRA_API_TOKEN, CONFLUENCE_API_TOKEN, GITHUB_TOKEN, DINGTALK_WEBHOOK, FEISHU_WEBHOOK, GOOGLE_API_KEY, etc.) and code examples reference API calls requiring credentials. Yet the registry 'requires.env' is empty. This mismatch is a red flag: the skill will reasonably need those creds to perform automated tool integrations, but the package metadata does not declare them or explain scope/least privilege.
Persistence & Privilege
always:false and model invocation allowed (default). That combination is normal for skills that can call tools. The risk is that, if the skill is granted credentials and allowed to call APIs, it can act autonomously with those tokens. There is no evidence the skill requests persistent system changes or modifies other skills' configurations, but the docs' automation capabilities increase blast radius if misconfigured credentials are provided.
What to consider before installing
Do not provide any API tokens or secrets until you confirm exactly which scripts and runtime behaviors are present. Specific steps to reduce risk:
- Verify repository contents: the docs reference a scripts/ directory and many integration scripts (Jira/Confluence/Git/DingTalk/SensorsData). Confirm those scripts actually exist and inspect their code before running them.
- Confirm metadata vs behavior: ask the skill author to update registry metadata to list the exact environment variables the skill needs and why. Declared requirements should match SKILL.md.
- Use least-privilege credentials: create tokens with minimal scopes (e.g., a Jira token limited to a single project) and test in a staging account, not production.
- Run in an isolated environment: if you try the skill's automation, do so in a sandboxed account or org where mistakes or data leaks are low impact.
- Prefer manual (Level 3) mode first: the skill supports markdown/mermaid downgrade outputs — use that to produce docs you copy into your systems rather than giving the skill direct API access.
- If you plan to enable automated integrations, perform a code review or request the scripts and integration code, and confirm they do not exfiltrate data to unknown endpoints.
If the author cannot or will not clarify why metadata omits required env vars and provide the actual scripts, treat the skill as potentially unsafe for automatic credentialed integration.Like a lobster shell, security has layers — review code before you run it.
latestvk9765qqxj2drb821hn4rq2jwg183m1zk
License
MIT-0
Free to use, modify, and redistribute. No attribution required.