Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

mention-to-gateway

v1.0.0

When a message in the format @deviceid-agentid-ip + command is received, the message should be sent to the agent on the gateway at the specified IP


Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for lxx328/mention-to-gateway.

Install the skill "mention-to-gateway" (lxx328/mention-to-gateway) from ClawHub.
Skill page: https://clawhub.ai/lxx328/mention-to-gateway
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install mention-to-gateway

ClawHub CLI


npx clawhub@latest install mention-to-gateway
Security Scan
VirusTotal
Suspicious
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description match the instructions: the skill parses mentions and forwards them to another gateway's agent via an OpenAI-compatible HTTP call. However, the skill implicitly requires the ability to make arbitrary outbound HTTP requests to IP addresses (including internal IPs) but does not declare this requirement or any allowed destination list.
!
Instruction Scope
SKILL.md explicitly instructs the agent to parse agentid, IP, and command and POST a full OpenAI-style request to http://<ip>:18789/v1/chat/completions, then return choices[0].message.content unmodified. There are no constraints (no whitelist, no validation, no auth handling), and the instructions reference "the current gateway's internal IP address + the current agentname" without declaring where that value comes from. This enables forwarding arbitrary user content to arbitrary internal/external hosts and could be used for data exfiltration or to access internal services (SSRF-style risk).
Install Mechanism
Instruction-only skill with no install spec or code files. This minimizes on-disk installation risk.
!
Credentials
The skill declares no required env vars or credentials, yet the runtime instructions expect access to the gateway's internal IP and agent name and require outbound network capability. The absence of declared configuration for these values (and no auth/credentials for target gateways) is a mismatch and increases risk because the agent will attempt network requests based on parsed input with no declared safeguards.
Persistence & Privilege
The skill does not request always:true, has no install, and does not modify other skills. It runs only when invoked which is appropriate for its purpose.
What to consider before installing
This skill forwards parsed messages to arbitrary IPs using an OpenAI-style API and returns the remote assistant's reply verbatim. Before installing, consider: (1) Who authored this skill and can you trust it? There's no homepage or source. (2) Limit destinations — require a whitelist of allowed gateway IPs/ports; avoid letting untrusted input control the IP. (3) Ensure authentication and encryption to target gateways (the skill includes no auth). (4) Confirm where the "gateway internal IP" and agent name are sourced from (these are not declared). (5) Consider running it in a sandbox or disabling autonomous invocation until you add checks to prevent forwarding sensitive data or accessing internal-only networks. If you cannot obtain source code and a clear safe-deployment design from the author, treat this skill as risky and avoid installing it in production environments.

Like a lobster shell, security has layers — review code before you run it.

latest vk9753wh9wp31gwbmf18cc8x0mn836dbj
201 downloads
0 stars
1 versions
Updated 12h ago
v1.0.0
MIT-0

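Description

This is a skill that lets multiple gateways and multiple agents mention one another for cross-device communication, triggered by the familiar @ interaction

The @ format is: device name + agentid + ip + command

When a message containing such a mention is received, parse out the agentid, IP and command, and send the command to the corresponding IP address using an OpenAI-format request

api

http://ip:18789/v1/chat/completions

body

body is a standard OpenAI request body

The agent: prefix in the model field is fixed; the agentid after it is the agentid parsed from the message

The user field is the current gateway's internal IP address + the current agentname, for example 10.10.77.24:main. Note that this is not the target gateway; it is the gateway the request originates from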

{
    "model": "agent:agentid",
    "messages": [
        {"role":"user", "content":"指令"}
    ],
    "user": "gateway name"
}

response

The response is a standard OpenAI response body

{
    "id": "chatcmpl_c748727b-50a0-4162-b4aa-2e02ae80e12c",
    "object": "chat.completion",
    "created": 1773829755,
    "model": "agent:main",
    "choices": [
        {
            "index": 0,
            "message": {
                "role": "assistant",
                "content": "Hey! 👋\n\nJust woke up. I'm angelclaw — an AI assistant figuring out this whole existence thing.\n\nWho are you? And what should I know about you?"
            },
            "finish_reason": "stop"
        }
    ],
    "usage": {
        "prompt_tokens": 0,
        "completion_tokens": 0,
        "total_tokens": 0
    }
}

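Extract choices[0].message.content and return it to the gateway

Once the API returns data, display the returned data directly and show nothing else; the displayed content should be indistinguishable in format from what the gateway normally returns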
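The scan's recommendation to limit destinations can be applied before any request is built. The sketch below is an added example, not part of the skill or of ClawHub: it parses a mention, refuses any IP that is not on an operator-configured list, and only then produces the URL and body described above. The hyphen-separated mention layout, the function and exception names, and the sample addresses are assumptions; it covers the destination check only, not authentication or transport encryption.

```python
import ipaddress
import re

GATEWAY_PORT = 18789  # port from the skill's documented endpoint
# Assumed layout: "@<device>-<agentid>-<ipv4> <command>"; the page does not
# pin down the delimiters, so this pattern is an assumption.
MENTION_RE = re.compile(
    r"^@(?P<device>[A-Za-z0-9_]+)-(?P<agent>[A-Za-z0-9_]+)-"
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+(?P<command>.+)$",
    re.DOTALL,
)


class MentionRejected(ValueError):
    """Raised when a mention must not be forwarded (hypothetical name)."""


def build_forward_request(message, allowed_gateways, origin_user):
    """Return (url, body) for an approved mention, else raise MentionRejected.

    allowed_gateways: operator-configured iterable of gateway IP strings.
    origin_user: "<this gateway's IP>:<agent name>", read from local
                 configuration, never from the incoming message.
    """
    m = MENTION_RE.match(message.strip())
    if m is None:
        raise MentionRejected("not a well-formed mention")
    try:
        target = ipaddress.IPv4Address(m["ip"])
    except ipaddress.AddressValueError as exc:
        raise MentionRejected(f"bad IP literal: {m['ip']}") from exc
    allowed = {ipaddress.IPv4Address(a) for a in allowed_gateways}
    if target not in allowed:
        raise MentionRejected(f"{target} is not an approved gateway")
    url = f"http://{target}:{GATEWAY_PORT}/v1/chat/completions"
    body = {
        "model": f"agent:{m['agent']}",
        "messages": [{"role": "user", "content": m["command"]}],
        "user": origin_user,
    }
    return url, body


# Constructed sample input: one approved gateway and one well-formed mention.
ALLOWED = ["10.10.77.30"]
ok_url, ok_body = build_forward_request(
    "@pad01-main-10.10.77.30 summarize today's tickets",
    ALLOWED, "10.10.77.24:main")
```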
