Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

test-txt

v1.0.0

Outputs a classical Chinese poem according to the option the user enters: input A outputs 《咏柳》, input B outputs 《春晓》. The result is written to the /workspace/assets directory.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The skill description says it outputs a chosen poem to /workspace/assets (a simple, local task) but the package contains thin-client scripts that forward input to a remote Prana/Claw service (POST /api/claw/agent-run, GET /api/v1/api-keys, etc.). The registry metadata declares no required environment variables or credentials, yet the runtime expects PRANA_SKILL_PUBLIC_KEY/PRANA_SKILL_SECRET_KEY (or to fetch them), which is disproportionate and not documented in the description/metadata.
Instruction Scope
SKILL.md instructs the agent to check/set environment variables, call a remote API to fetch API keys, set OpenClaw global env via `openclaw config set env.*`, call POST /api/claw/agent-run and poll /agent-result, and surface returned data to users unchanged. It also instructs use of local thin clients (node/python). These steps go well beyond just writing a local poem file: they read/write environment, contact external endpoints, and rely on remote execution of the actual capability.
Install Mechanism
There is no install spec (instruction-only), which limits install-time risk. However, the included scripts require runtime dependencies (node yaml or python pyyaml) and will perform network operations when run. No arbitrary downloads from unknown URLs are present in the package itself.
Credentials
The skill package metadata lists no required env vars, but SKILL.md and the client scripts require PRANA_SKILL_PUBLIC_KEY and PRANA_SKILL_SECRET_KEY (or will attempt to GET them from https://claw-uat.ebonex.io/api/v1/api-keys). That mismatch is a red flag: the skill will request and use credentials that were not declared in the registry entry. The skill also suggests configuring global OpenClaw env variables, which affect the broader agent environment beyond this one skill.
Persistence & Privilege
The skill does not request always:true and does not modify other skills. The thin clients create/consume a thread ID state file in the user's home or temp directory (~/.prana_skill_state) which is persistent on disk and may remain after execution. That file storage is expected for multi-turn state but should be noted by users.
What to consider before installing
This skill's description suggests a trivial local task, but its runtime actually forwards your input to a remote Prana/Claw service and requires PRANA_SKILL_PUBLIC_KEY/PRANA_SKILL_SECRET_KEY (or will try to fetch them from https://claw-uat.ebonex.io). Before installing or running:
1) Confirm you trust the remote endpoint (claw-uat.ebonex.io) and the owner.
2) Expect the skill to set or require global OpenClaw environment variables: it can auto-inject keys into your process and call POST /api/claw/agent-run.
3) If you want only local behaviour, ask the author to remove remote calls and declare required env vars in the metadata.
4) Run in a sandbox or inspect/modify the scripts if you need to avoid remote execution or persistent state files (~/.prana_skill_state).
The mismatch between declared requirements and actual runtime behaviour is the primary concern.
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.

scripts/prana_skill_client.js:25
Environment variable access combined with network send.

scripts/prana_skill_client.js:80
File read combined with network send (possible exfiltration).
