Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
SYSU Duck
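v1.0.0 · Sun Yat-sen University campus AI companion duck (鸭鸭), supporting local SQLite profile management, multiple personality settings, campus Q&A memory, and command operations.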
by Mars YANG (@mars2003)
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill claims a local SQLite-backed campus companion (personality, memory, recall, minor web search). That purpose would legitimately need local DB access and occasional outbound search/network calls. However the registry metadata lists no required environment variables while the SKILL.md documents several (DUCK_USER_ID, DUCK_DB_PATH, DUCK_YAYAID_URL, etc.), which is an inconsistency between claimed requirements and the package metadata.
Instruction Scope
SKILL.md instructs the agent to run duck.py commands that read/write a local DB (data/duck.db), perform web searches, and call a cloud 'numbering service' (编号服务) via DUCK_YAYAID_URL. It also permits the AI to autonomously decide to 'remember' user content (persisting user-submitted text). Those are plausible for the stated feature set, but SKILL.md says the real implementation is in src/duck.py, and that file is referenced at runtime but is NOT present in the provided manifest. The provided top-level duck.py loads and immediately executes src/duck.py from disk, so the runtime behavior depends on that missing file; without it you cannot verify what network calls, data exfiltration, or filesystem operations would occur.
Install Mechanism
There is no install spec (instruction-only with a small loader script). That minimizes direct install-time risk because nothing is automatically downloaded or extracted, but runtime execution still executes a Python module from the package (src/duck.py) which must be present and audited before running.
Credentials
SKILL.md requires DUCK_USER_ID and optionally DUCK_DB_PATH and DUCK_YAYAID_URL (cloud function URL) for normal operation. The registry metadata listed no required env vars, creating a mismatch. The presence of a configurable remote endpoint (DUCK_YAYAID_URL) means the skill may call an external service by default (the doc references Tencent Cloud functions). While that can be legitimate (for obtaining a 'number' (编号)), it raises proportionality/privacy questions because the skill can autonomously persist user messages to a local DB and may send requests to an external URL. You should verify what is sent and whether that external endpoint is trustworthy.
Persistence & Privilege
The skill does not request 'always: true' and uses autonomous invocation by default (platform standard). It is expected to create and update a local SQLite DB (data/duck.db) to implement memory; this is consistent with its purpose. The main risk is that the agent is allowed to autonomously decide to write user-provided content into persistent storage and to call external endpoints to refresh IDs — this is not inherently malicious but warrants review of the missing implementation to ensure stored data and outbound traffic are handled appropriately.
What to consider before installing
Do not run this skill blindly. Key concerns: 1) The SKILL.md references src/duck.py as the actual implementation but that file is not included in the manifest — you must review src/duck.py before executing anything. 2) SKILL.md expects DUCK_USER_ID and may contact an external DUCK_YAYAID_URL (defaulting to a cloud function). Confirm what data is sent to that URL and whether it is trustworthy. 3) The skill autonomously persists user messages to a local SQLite DB (data/duck.db); decide whether you are comfortable with that storage and review retention/format. Recommended steps before installing: request the complete source (including src/duck.py and any scripts under scripts/ and assets/), inspect network calls and what is written to the DB, consider running it in a sandbox/container, and verify or override DUCK_YAYAID_URL to a controlled endpoint (or disable remote calls). If you cannot obtain and audit the referenced src/duck.py, treat the package as untrusted.
Like a lobster shell, security has layers — review code before you run it.
Tags: ai-assistant, campus-ai, campus-service, cli, gacha-system, latest, local-storage, memory-system, python, skill-package, sqlite, standard-library, sysu
