Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
cli-hub
v1.0.1Unified CLI gateway to search, install, authenticate, and invoke enterprise and AI platform tools (WeCom, DingTalk, Lark/Feishu, Dreamina) covering 91+ opera...
⭐ 1· 37·0 current·0 all-time
byAgentrix@lxyd-ai
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The name/description (unified CLI gateway for WeCom/DingTalk/Lark/Dreamina) aligns with the runtime instructions which describe searching, installing, authenticating, and invoking provider CLIs. However, the registry metadata lists 'Source: unknown' and no homepage while SKILL.md claims a PyPI package and a GitHub repo; this mismatch reduces confidence in provenance.
Instruction Scope
SKILL.md gives step-by-step CLI usage (doctor, install, auth, search, info, run) and keeps actions within the advertised domain of installing and invoking provider CLIs. It does instruct interactive authentication (browser/QR) which is expected, but there is also a recommendation to run an internet-fetched convenience script (curl | bash) — that expands scope to arbitrary remote code execution if followed.
Install Mechanism
Although the skill itself is instruction-only, SKILL.md recommends installing a PyPI package and provides a raw GitHub curl|bash convenience installer that 'internally runs pip'. The registry contains no install spec and metadata lacks homepage/source, so relying on the convenience script or unverified PyPI package is a higher-risk install pattern (remote code download and execution).
Credentials
The skill declares no required env vars, which is consistent with instruction-only design. However, the underlying CLIs the skill installs/authenticates will need provider credentials and will store/use them; SKILL.md does not enumerate which credentials or config paths may be created, so users should expect the skill to lead to multiple service credentials being provided interactively.
Persistence & Privilege
The skill is not always-installed and doesn't request elevated platform privileges in the registry. It is user-invocable and permits autonomous invocation by default (normal for skills). There is no evidence it modifies other skills or system-wide agent settings.
What to consider before installing
This skill appears to do what it says (a gateway that installs and runs provider CLIs), but take these precautions before installing or following its convenience script: 1) Verify the package and repo provenance — check the PyPI page and the GitHub repository named in SKILL.md (confirm owner, recent commits, and stars). The registry metadata currently does not show a homepage/source, which is a red flag. 2) Prefer isolated installs (pipx, virtualenv) rather than running curl | bash; avoid executing raw install scripts from unknown repos. 3) Understand that installing --all or running auth will cause multiple provider CLIs to be installed and will require you to supply or authorize credentials (browser/QR). Limit scope: install only the providers you need. 4) If you must use it in an automated/agent context, do not give it unattended network/credential access; require manual confirmation for interactive auth steps. 5) If you need higher assurance, request or inspect the actual PyPI package source or repository commit/tag and signature before trusting installs.Like a lobster shell, security has layers — review code before you run it.
latestvk973d78x7hamvwxfdh2s8xexv5840p0a
License
MIT-0
Free to use, modify, and redistribute. No attribution required.