ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

魔方网表记录管理

v3.1.0

魔方网表记录与 BPM 流程。必须通过 exec 执行本 Skill 提供的 CLI 命令完成操作,禁止自行编写代码或构造 HTTP 请求。Use when 用户提到魔方网表、表单、记录、数据、查询、创建、修改、删除、导入、流程、待办、审批、BPM、转办、加签等。

0· 216·0 current·0 all-time
byPeng@magicscape
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
Crypto
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill's name/description match the code: handlers implement space/form listing, field defs, record CRUD and BPM actions. The code reads MOFANG_BASE_URL / MOFANG_USERNAME / MOFANG_PASSWORD (with fallbacks to BASE_URL / USERNAME / PASSWORD) which is appropriate for the claimed purpose. However the registry metadata reported 'Required env vars: none' while the code and SKILL.md clearly require BASE_URL/USERNAME/PASSWORD (or MOFANG_*). This metadata mismatch is incoherent and should be fixed.
Instruction Scope
SKILL.md requires the agent to call the bundled CLI via exec (node cli.mjs ...) and explicitly forbids the agent from constructing HTTP requests or importing handlers — that is coherent with a CLI-based integration. The skill instructs use of shell commands (cd into ~/.openclaw/skills/mofang-records, rm -rf ~/.mofang-skills/) and to export env vars; these are expected for a local CLI but give the skill (or the agent when executing the CLI) the ability to read .env and perform network requests. The instructions do not direct data to unexpected external endpoints in the visible files, but the HTTP client modules (not shown in full here) should be reviewed to confirm endpoints are only the configured BASE_URL/Activiti endpoints.
!
Install Mechanism
The registry summary said 'No install spec / instruction-only', but skill.json contains onInstall and onActivate hooks: 'npm install && npm run build' and 'node cli.mjs --help'. That means installation will run npm install (network downloads) and a build step on the host. The package.json depends on node-fetch and the package-lock uses a non-default mirror (registry.npmmirror.com). Installing will write dependencies to disk and run build scripts — a non-trivial install surface. This mismatch (no declared install spec vs present install hooks) is an inconsistency and increases risk; verify you trust the skill author/source before allowing onInstall to run.
Credentials
The skill legitimately needs BASE_URL + credentials for the Mofang server and reads a .env file in its install directory. That is proportionate to the stated functionality. But the registry-level 'Required env vars: none' is inaccurate. Also the CLI gives MOFANG_* precedence over BASE_* and can persist credentials in .env under the skill directory — consider scope and storage of those secrets. The skill does not request unrelated cloud/provider credentials or multiple unrelated secrets.
Persistence & Privilege
always:false and normal autonomous invocation settings. The skill has onInstall/onActivate hooks that affect only its own install directory (npm install, build), and there is no evidence it attempts to modify other skills or system-wide agent settings. The skill reads/writes within its own directory (.env and cache under ~/.mofang-skills) per SKILL.md; this is expected behavior but remember these files may contain credentials or caches.
What to consider before installing
What to check before installing: - Confirm trust in the skill source (GitHub homepage provided). The package will run npm install && npm run build during onInstall (network downloads, build step). If you dislike automatic installs, run the install step manually in an isolated environment first. - Provide only a least-privilege account/password for MOFANG_USERNAME/USERNAME and avoid using an admin account. The CLI stores/reads credentials from a .env in the skill directory and will make API calls to the configured BASE_URL — review the .env and cache files afterward. - Inspect the HTTP client (handlers/utils/http-client.ts) and any dist JS to ensure all network targets are only the configured BASE_URL / Activiti endpoints and there is no hardcoded external exfiltration endpoint. - Be aware of the metadata mismatches: registry said no required env vars and no install spec, but the code and skill.json require credentials and have onInstall hooks — treat these as red flags and prefer manual review before allowing installation. - If you decide to install, consider doing so on a disposable/test agent or within a restricted environment, then run mofang_test_connection to verify expected behavior before using the write operations (create/update/delete/bpm actions).
scripts/smoke-cli-validation.mjs:24
Shell command execution detected (child_process).
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.

Like a lobster shell, security has layers — review code before you run it.

latestvk9746ndjjr3q8zqd99kp8gqr4984hdr9

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments