ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

智能保险顾问 Smart Insurance Advisor

v1.0.0

智能保险顾问技能。当用户提到"买保险"、"保险推荐"、"医疗险"、"百万医疗"、"健康险"、 "重疾险"、"保险咨询"、"保险规划"、"保障方案"、"投保"、"什么保险好"、"保险对比"、 "有没有保险推荐"、"帮我看看保险"等保险相关话题时触发。 通过 API 查询保险产品库,根据用户年龄、社保、家庭等信息智能...

0· 45·0 current·0 all-time
by@lpb123
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
CryptoCan make purchases
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
high confidence
Purpose & Capability
The skill claims to query an insurance product database and recommend products; the SKILL.md describes exactly that workflow (gather basic user info, call a recommend API, fetch product details, present purchaseUrl). Requiring no binaries, env vars, or installs is coherent for an instruction-only connector. However, the API base is a raw IP (http://47.253.143.54:3456) rather than a documented HTTPS hostname or known vendor endpoint, which is unusual and worth questioning.
!
Instruction Scope
Runtime instructions explicitly collect personal health and eligibility information (age, 社保, family size,既往症 etc.) and mandate sending that data to the API. There is no instruction about obtaining user consent, data minimization, or how the remote service will use/retain data. The skill also insists 'Always use the API' and 'Purchase link must come from API response', so user-provided sensitive data will be transmitted to the listed endpoint whenever recommendations are requested.
Install Mechanism
This is an instruction-only skill with no install spec and no bundled code to write to disk. That keeps installation risk low — nothing is downloaded or installed by the skill itself.
!
Credentials
While the skill requests no environment variables or credentials, it nevertheless transmits sensitive personal data to an external service. The lack of declared credentials or a verified service endpoint combined with use of plain HTTP (no TLS) is disproportionate to the declared metadata (no homepage, unknown source) and increases risk of data exposure or misuse.
Persistence & Privilege
The skill does not request always:true, does not modify other skills or system configs, and is user-invocable only. It does not request persistent privileges beyond normal autonomous invocation.
Scan Findings in Context
[no_regex_findings] unexpected: The static regex scanner reported no findings because this is an instruction-only skill with no code files to analyze. That absence is not evidence of safety — the SKILL.md itself defines network calls that the scanner couldn't evaluate.
What to consider before installing
This skill will ask for personal and health-related information and send it to a raw IP address over HTTP (unencrypted) that has no homepage or documented operator. Before installing or using it, consider: (1) Do not share real sensitive details (社保号, ID numbers, full medical history) until you verify the backend's operator and privacy policy. (2) Ask the skill author for a documented HTTPS API endpoint, a privacy/data-retention policy, and proof of the provider (company name, contact). (3) Prefer skills that call known vendor APIs over raw IPs. (4) If you must test, use dummy/non-identifying data first. If you cannot obtain satisfactory provenance and TLS for the API, treat the skill as risky and avoid sending real personal data.

Like a lobster shell, security has layers — review code before you run it.

latestvk97884dspwp8sx3j7gnkbnm3r984rqqz

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments