Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Yixiaoer Rotator Skill

v1.0.5

蚁小二 (Yixiaoer) account rotation manager: automatic round-robin publishing across a multi-account matrix, with per-platform index maintenance and persisted state. Use case: managing accounts on several platforms (such as 哔哩哔哩/Bilibili, 头条号/Toutiao, 百家号/Baijiahao) and rotating through them automatically when publishing so the same account is not reused. Trigger words: account rotation, multi-account management, Yixiaoer publishing, automatic account switching, matrix publishing.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Pending
OpenClaw: Suspicious (high confidence)
Purpose & Capability
The described purpose (rotating platform accounts via the 蚁小二 API) matches the script's behavior: it syncs accounts, maintains per-platform indices, persists a JSON state, and returns next account IDs. Requesting an API key and member ID is reasonable for this purpose. However, the registry metadata lists no required environment variables or primary credential while SKILL.md and the script clearly require YIXIAOER_API_KEY and YIXIAOER_MEMBER_ID — an incoherent metadata declaration.
Instruction Scope
SKILL.md and the script instruct running node scripts in the skill directory and calling the yixiaoer-skill's scripts/api.ts. The instructions are mostly scoped to account-sync and state management. Concerns: the README/SKILL.md tell users to cd into an absolute workspace path (/root/.openclaw/...); the script hardcodes the path '/root/.openclaw/workspace/skills/yixiaoer-skill/scripts/api.ts', which may not exist or may point to a different codebase on some systems. The SKILL.md claims temporary-file-based payload passing, but the script actually passes a --payload argument (with in-place escaping).
Install Mechanism
This is an instruction-only skill with a local Node script; there is no installer or remote download. That keeps install risk low. The skill depends on yixiaoer-skill (declared in clawhub.json) which should be installed separately; the external dependency is expected for the described functionality.
Credentials
The script requires two environment variables (YIXIAOER_API_KEY and YIXIAOER_MEMBER_ID) which are proportional to the claimed functionality but the skill metadata fails to declare them. Additionally, when the script spawns the child process it merges the parent process.env into the child's environment, meaning any other env vars (including unrelated secrets present in the agent environment) would be passed to the yixiaoer-skill process — a potential information-leakage risk if that dependent script transmits environment variables externally.
Persistence & Privilege
The skill writes a local state file (account-rotator-state.json) within its directory to persist indices, which is consistent with its purpose. The always flag is false, and the skill does not request elevated system privileges or modify other skills' configs. Persistence is limited to the skill directory.
What to consider before installing
This skill appears to implement the claimed account-rotation features, but there are inconsistencies you should resolve before installing:
- The skill actually requires two environment variables (YIXIAOER_API_KEY and YIXIAOER_MEMBER_ID), yet the registry metadata lists none. Treat these as required secrets for operation.
- Verify and audit the dependent yixiaoer-skill (scripts/api.ts) before use. The rotator calls that script and passes your API key to it. Ensure that the dependent script does not exfiltrate data or forward unexpected environment variables.
- The rotator hardcodes an absolute path (/root/.openclaw/workspace/skills/yixiaoer-skill/scripts/api.ts). Ensure this path is correct in your environment or edit the script to point to the intended location.
- The script spawns a child process with a merged env (process.env), so avoid running it in environments where other sensitive credentials are present, or sanitize the environment before invocation.
- Check the repository/source (the clawhub.json points to a GitHub repo) and confirm the owner and code integrity.
If you lack the ability to audit the dependent yixiaoer-skill, treat this as higher risk. If you plan to proceed: install yixiaoer-skill first, inspect scripts/api.ts, set only the required env vars (and avoid exposing unrelated credentials), and run in a controlled environment.
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.
scripts/account-rotator.js:51: Shell command execution detected (child_process).
