Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Panews Creator

v0.2.0

Create and manage articles on the PANews platform. All operations require a valid user session. Triggers: write and publish new articles, view / edit / delet...

⭐ 0· 159·0 current·0 all-time

bySeven Du@medz

MIT-0

Download zip

LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.

Security Scan

VirusTotal

Benign

View report →

OpenClaw

Suspicious

medium confidence

ℹ

Purpose & Capability

The name/description (PANews Creator) aligns with the included CLI (scripts/cli.mjs) which calls a PANews API (universal-api.panewslab.com). However metadata declares no required binaries while the shipped tool is a Node CLI—so the skill implicitly requires Node.js but does not declare it.

Instruction Scope

SKILL.md instructs the agent and user to obtain a PA-User-Session cookie from browser DevTools and to run the local CLI with session tokens. That is functionally necessary for authenticated operations, but asking users to extract and paste session cookies is sensitive. Additionally, the static scan flagged 'unicode-control-chars' inside SKILL.md (possible prompt-injection attempt). The instructions otherwise limit operations (validate session, confirm deletes) which is good, but the hidden-character finding increases risk.

Install Mechanism

There is no install spec (instruction-only), but the package includes a large script (scripts/cli.mjs) intended to be executed via 'node'. The registry metadata does not declare Node as a required binary. That mismatch (shipped executable code without declaring runtime requirements) is an inconsistency and could surprise users. No external downloads were observed in the provided excerpt; the CLI contacts a single API host (universal-api.panewslab.com).

Credentials

The skill metadata lists no required environment variables, yet both SKILL.md and the CLI code reference and may read session environment variables (PA_USER_SESSION, PA_USER_SESSION_ID, PANEWS_USER_SESSION). Requesting/using a session token is proportionate to the task, but the omission from declared requirements reduces transparency. Examples in references sometimes show tokens on the command line (which is warned against) — inconsistent guidance.

✓

Persistence & Privilege

The skill is not marked always:true and does not request elevated platform privileges. agents/openai.yaml allows implicit invocation (normal). The skill does include runnable code but does not appear to modify other skills or global agent configuration.

Scan Findings in Context

[unicode-control-chars] unexpected: Hidden/unicode control characters in SKILL.md are not needed for a CLI documentation or workflow description and may be a prompt-injection attempt to manipulate an LLM. This should be inspected and removed or explained by the author before trusting the skill.

What to consider before installing

This package appears to implement a CLI for PANews and mostly does what its name says, but exercise caution before installing or running it: - Do not paste your PA-User-Session cookie into chat. Prefer setting it in a secure environment variable or secret manager if you decide to run the CLI locally. - The package includes a Node script but the registry metadata does not declare Node as a required binary—make sure you run it intentionally in a controlled environment (e.g., a disposable VM or container) and verify the Node runtime version. - Inspect scripts/cli.mjs (the full file) for any unexpected network endpoints or obfuscated code. The file header claims a GitHub source; verify that the repository and commit match the shipped code and confirm checksums if possible. - The SKILL.md contains detected unicode-control characters (possible prompt-injection). Open SKILL.md in a text editor that can show hidden characters and remove/confirm them before using the skill. - If you only need offline polishing/editing help, use the 'polish' workflow which explicitly does not call the CLI or require a session. What would increase confidence: a verifiable upstream repository URL and commit, declared runtime requirements (Node), explicit declared env vars in metadata, and removal/explanation of the unicode-control characters in SKILL.md.

✗

scripts/cli.mjs:13

Environment variable access combined with network send.

scripts/cli.mjs:17

Potential obfuscated payload detected.

scripts/cli.mjs:9

File read combined with network send (possible exfiltration).

Patterns worth reviewing

These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.

Like a lobster shell, security has layers — review code before you run it.

latestvk97c7k3szcdj45ng4443nv08kd83jtab

License

MIT-0

Free to use, modify, and redistribute. No attribution required.

Termshttps://spdx.org/licenses/MIT-0.html

Panews Creator

License

Comments