Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Funpay Assistant

v1.0.0

Automatically replies to questions and problems in FunPay chats, sends a notification when someone logs in to the account, and forwards unrecognised messages to the owner.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal
Suspicious
OpenClaw
Suspicious
high confidence
Purpose & Capability
The description promises Telegram notifications and forwarding unknown messages to the owner, but the bundled code does not implement any Telegram API calls or require a Telegram token. Instead it contains a hard-coded FunPay API key (GOLDEN_KEY) and operates directly on chats; the skill declares no required credentials. That mismatch (claimed external notification vs actual local printing and an undisclosed API key) is incoherent.
Instruction Scope
SKILL.md simply says to run monitor.py; the script reads and writes state.json, uses a FunPay Account object with a hard-coded API key, sends replies via acc.send_message, and emits notification strings to stdout. The instructions do not document the embedded API key, the provenance of state.json (which contains many real chat messages), or how notifications reach the owner (no Telegram webhook or token). The bundle also contains a unicode/control-character artifact which may be used to hide or obfuscate content.
Install Mechanism
There is no install spec (instruction-only with bundled code). That lowers installer risk, but the code depends on an external module (FunPayAPI) with no declared install step. The lack of installation instructions means runtime behavior is unclear and may fail or cause the operator to add packages ad-hoc.
Credentials
The repository contains a clear secret (GOLDEN_KEY) hard-coded into monitor.py rather than declared as a required environment variable. The skill also bundles a state.json file containing many past chat messages (sensitive user data). The metadata declares no credentials while code includes a credential with broad access to FunPay chats — this is disproportionate and suspicious.
Persistence & Privilege
always:false (normal). The skill is invocable/autonomous by default (platform standard). Combined with the embedded API key and chat access, autonomous runs could access and reply to chats without further configuration, increasing blast radius; this combination is noteworthy though not sufficient alone to mark it malicious.
Scan Findings in Context
[unicode-control-chars] unexpected: Control/unicode-invisible characters were detected in the skill files (state.json contains a leading invisible character in at least one message). This isn't expected for a simple chat-monitoring helper and can be used to hide or obfuscate content or attempt prompt-injection.
What to consider before installing
Do not install/run this skill as-is. Key concerns: (1) monitor.py contains a hard-coded FunPay API key (GOLDEN_KEY) that is not declared in metadata — this exposes an account and gives the skill direct access to chats; (2) the bundle includes state.json with many real chat messages (sensitive data); (3) the description promises Telegram notifications but there is no Telegram integration or declared token, so functionality and data flows are unclear; (4) invisible/control characters were detected which can hide content. If you want to use a similar tool safely, ask the author to: remove the hard-coded key and require a documented environment variable (e.g., FUNPAY_API_KEY), scrub or omit any bundled chat logs, implement and document Telegram integration (and require TELEGRAM_BOT_TOKEN/CHAT_ID), publish installation steps and the FunPayAPI dependency, and explain exactly what data is sent externally. If you already ran this code using your environment, rotate any exposed FunPay credentials immediately and audit account activity. If the embedded key appears to belong to someone else, do not use it — contact the owner or treat the bundle as untrusted.

