Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results below before using it.

Q Erp

v1.0.7

千易 (Qianyi) ERP management query skill, phase 1. Covers today's business activity, product sales, and growth potential; all queries must go through q-claw.

1· 113·0 current·0 all-time
by lee@ljqdh
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)

Purpose & Capability (flagged)
The skill's stated purpose is ERP management queries, and it repeatedly mandates routing every query through `q-claw`. The registry metadata, however, declares no required binary, integration, or primary credential for `q-claw`. If `q-claw` is a separate tool or plugin, the skill should declare that dependency, along with any environment variables or credentials it needs. A hard requirement to always call `q-claw`, with nothing declared for it, is a disproportionate gap.
Instruction Scope
SKILL.md is narrowly scoped: read user intent, route it to one of three scenes, and forward JSON payloads to `q-claw`. It forbids unrelated file reads and data fabrication, and specifies detailed time-handling and multi-turn rules, which is appropriate for its purpose. The practical issue is that the instructions assume `q-claw` and the runtime-injected fields (tenantKey/openId, context.locale) are always available and define no fallback for the case where `q-claw` is unavailable; that gap could lead the agent either to abstain or to guess values it is not authorized to supply.
Install Mechanism
No install spec and no code files: the lowest-risk distribution model. Because the skill is instruction-only, the package itself writes nothing to disk.
Credentials (flagged)
The skill declares no required environment variables or primary credential, yet its runtime instructions expect tenantKey/openId to be injected and require calling `q-claw`, which in practice almost certainly needs credentials of its own. Without declared credentials it is unclear which secrets the agent or the platform must supply at runtime; that mismatch is disproportionate and should be resolved by the publisher.
Persistence & Privilege
The skill is not always-enabled and requests no persistent or cross-skill configuration changes. Autonomous invocation is allowed (the platform default), but the skill itself requests no extra privileges.
What to consider before installing
Before installing, verify these points:

1. What is `q-claw`, and is it provided by your platform? The skill requires it but does not declare it.
2. Confirm how tenantKey/openId and context.locale are supplied. The skill expects them to be injected at runtime but requests no credentials; know which service holds those secrets and who can read them.
3. Ask where the `verificationUri` links come from, and make sure they point to trusted authorization endpoints. A link the user is told to open is a natural phishing vector if the skill does not control its origin.
4. If you proceed, test the skill in a restricted, non-production environment and grant any credentials with least privilege, scoped to the ERP queries it actually performs.

If the publisher clarifies the `q-claw` dependency and the required runtime credentials, the mismatch would be resolved and confidence would improve.
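The dependency mismatch the scan reports (a mandated `q-claw` with nothing declared, and injected tenantKey/openId and context.locale with no credential declared) can be checked mechanically before installing. The script below is an added example, not ClawHub's scanner and not the skill's own code: it pulls the tools and runtime-injected identifiers out of a SKILL.md and compares them with the registry metadata. The SKILL.md excerpt and both metadata objects are constructed for the example, and the `requires` block with `bins`, `integrations` and `env` lists is an assumed schema, not the registry's real one.

```python
"""Pre-install audit for an instruction-only skill package.

Added example, not ClawHub's or the skill's own code. It compares the tools
and runtime-injected fields that SKILL.md depends on with what the registry
metadata declares, and reports anything mandated but undeclared. The metadata
shape (a "requires" object with "bins", "integrations" and "env" lists) is an
assumption for this example, not the registry's real schema.
"""
import re

# Constructed SKILL.md excerpt, written to resemble what the scan describes.
SAMPLE_SKILL_MD = """\
# Q Erp
All queries MUST go through `q-claw`. Never fabricate data.
Route the request to one of three scenes and forward the JSON payload to `q-claw`.
The platform injects `tenantKey/openId` and `context.locale` at runtime.
Do not read unrelated files.
"""

# Constructed metadata with no requirements block, matching the scan finding.
SAMPLE_METADATA = {"name": "q-erp", "version": "1.0.7", "license": "MIT-0"}

# Constructed metadata showing a complete declaration under the assumed schema.
FIXED_METADATA = {
    "name": "q-erp",
    "version": "1.0.7",
    "license": "MIT-0",
    "requires": {
        "bins": ["q-claw"],
        "integrations": [],
        "env": ["tenantKey", "openId", "context.locale"],
    },
}

# Any backticked identifier: `q-claw`, `tenantKey/openId`, `context.locale`.
BACKTICK = re.compile(r"`([A-Za-z0-9_.\-/]+)`")
# A backticked identifier the instructions route work to: "through `x`", "to `x`", "call `x`".
TOOL_CONTEXT = re.compile(
    r"\b(?:through|via|to|call|calls|calling|use|using|invoke)\s+`([A-Za-z0-9_.\-]+)`",
    re.IGNORECASE,
)


def referenced_tools(skill_md: str) -> list[str]:
    """Tools the instructions tell the agent to go through."""
    return sorted(set(TOOL_CONTEXT.findall(skill_md)))


def injected_fields(skill_md: str) -> list[str]:
    """Identifiers the instructions say the platform injects at runtime."""
    fields: set[str] = set()
    for line in skill_md.splitlines():
        if re.search(r"\binject", line, re.IGNORECASE):
            for ident in BACKTICK.findall(line):
                fields.update(ident.split("/"))  # `tenantKey/openId` -> two fields
    return sorted(fields)


def declared(metadata: dict) -> dict[str, set[str]]:
    """What the (assumed) metadata schema says the skill needs."""
    req = metadata.get("requires", {})
    return {
        "tools": set(req.get("bins", [])) | set(req.get("integrations", [])),
        "runtime": set(req.get("env", [])),
    }


def audit(skill_md: str, metadata: dict) -> list[tuple[str, str]]:
    """Return (kind, name) pairs for every mandated-but-undeclared dependency."""
    decl = declared(metadata)
    findings = [("undeclared_tool", t) for t in referenced_tools(skill_md)
                if t not in decl["tools"]]
    findings += [("undeclared_runtime_field", f) for f in injected_fields(skill_md)
                 if f not in decl["runtime"]]
    return findings


if __name__ == "__main__":
    for label, meta in (("as published", SAMPLE_METADATA), ("with declarations", FIXED_METADATA)):
        print(f"{label}: {audit(SAMPLE_SKILL_MD, meta) or 'no mismatches'}")
```

Run against the constructed package it reports `q-claw` as an undeclared tool and tenantKey, openId and context.locale as undeclared runtime fields; with the complete `requires` block it reports nothing. The verb list in `TOOL_CONTEXT` is deliberately small and should be extended to match the wording of the skills you actually review; a skill that names its backend without any routing verb will slip past it.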

Like a lobster shell, security has layers — review code before you run it.

latest: vk97114xa16hn4krb9nnvrmpcfn84weqf
