Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
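Yuque Knowledge Base Management
v1.0.0
Yuque knowledge base management. Search, read, create, and edit Yuque documents; manage knowledge bases and tables of contents. Use when: user mentions 语雀/Yuque, or wants to search/read/create/edit documents, manage knowledge bases, organize...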
by @lt5227
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description and the included scripts (_client.py + per-action scripts) match: they implement search/read/create/update/delete and TOC operations against Yuque's API. The code uses only standard-library HTTP calls and implements the documented endpoints — functionality is coherent with the stated purpose.
Instruction Scope
SKILL.md instructs the agent to create a config.json (or set YUQUE_TOKEN env var), write temporary markdown files (e.g., /tmp/yuque_doc.md), and run the included scripts. The scripts only access their own config.json, stdin/stdout, and files the user points at — they do not read unrelated system files. However the runtime instructions explicitly direct the agent to create a persistent config.json in the skill directory (containing the API token).
Install Mechanism
No install spec; scripts are provided as plain Python files and require no external packages — low install risk. Nothing is downloaded from external URLs or installed into system-wide locations.
Credentials
The skill needs a Yuque API token (config.json or YUQUE_TOKEN) to work, but the registry metadata lists no required env vars or primary credential. That mismatch is a material inconsistency. Additional concerns: the token is stored in plaintext in config.json in the skill directory by the installation flow described; config.json also allows changing base_url (defaulting to yuque.com), which could be pointed at an arbitrary endpoint if modified, enabling token exfiltration.
Persistence & Privilege
always:false (normal). Per SKILL.md, the agent will create a config.json in the skill directory and store the token persistently; combined with autonomous invocation (the default), this means the stored token could be used later without re-prompting the user. This is expected for API clients, but the persistent credential storage is worth noting.
What to consider before installing
This skill appears to be a genuine Yuque API client, but pay attention to these points before installing:
- The skill needs your Yuque API token even though the registry metadata didn't declare it. Expect to provide a token.
- The agent will (by instruction) create a config.json in the skill directory containing your token in plaintext. If you are uncomfortable storing credentials on disk, use the YUQUE_TOKEN environment variable or avoid installing the skill.
- config.json supports a base_url override. Leave base_url as the default (https://www.yuque.com) unless you explicitly trust another endpoint — changing it could cause the token to be sent elsewhere.
- Because the token is stored persistently and the skill can be invoked autonomously, consider whether you want to allow autonomous use, and consider scoping the token (create a token with minimal permissions or revoke it after use).
- Practical steps: verify the file contents in the skill folder after setup, prefer using environment variables over disk storage if possible, and revoke the token immediately if you suspect misuse.
If you want a stronger assurance, ask the publisher to declare YUQUE_TOKEN (or config.json usage) in the registry metadata and to document any telemetry or external endpoints the skill might contact.
Like a lobster shell, security has layers — review code before you run it.
