Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Tianji
v1.0.1
Query website analytics, monitor uptime, survey results, telemetry data, feed events, application stats, and more from the Tianji platform via its read-only...
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign (high confidence)
Purpose & Capability
Name/description (Tianji analytics) match the declared config and permissions. skill.yaml and clawhub.json both require TIANJI_BASE_URL, TIANJI_API_KEY, and TIANJI_WORKSPACE_ID and declare the skill as read-only GET endpoints. No unrelated environment variables, binaries, or platform credentials are requested.
Instruction Scope
SKILL.md instructs the agent to choose GET endpoints from the provided api-endpoints.md/openapi-readonly.json, construct GET requests under {TIANJI_BASE_URL}/open with Bearer auth, parse JSON responses, and summarize results. It explicitly forbids displaying sensitive fields (modelApiKey, apiKey, secret, token, password, credential) and calls out PII in some endpoints. The instructions do not ask the agent to read unrelated system files or other credentials.
Install Mechanism
No install spec is provided (instruction-only). The repository includes a small build script and a Node script used to filter a full OpenAPI spec into a GET-only reference; these are documentation-generation utilities and are not an installer or remote download. No external archives or network installs are requested by the skill bundle.
Credentials
The three required config values (base URL, API key, workspace ID) are proportional to a read-only REST API client. The manifest marks the API key as the primary credential/secret. No unrelated secrets or config paths are requested.
Persistence & Privilege
The skill is not forced-always (always:false), is user-invocable, and does not request modifications to other skills or global agent state. It only requires network permission consistent with fetching remote API endpoints.
Assessment
This skill appears coherent for querying a Tianji instance. Before installing: (1) provide a least-privilege, read-only API key (not a management/master key); (2) verify the TIANJI_BASE_URL is a host you trust; (3) confirm you are comfortable granting network access to that host; (4) test with a workspace that contains no sensitive production data until you confirm redaction/handling meets your expectations — SKILL.md instructs the agent to redact certain fields, but that depends on the agent honoring the instructions. If you need absolute assurance, review responses from sensitive endpoints (aiGateway, audit logs, workspace members, billing) while using a low-privilege account.
Like a lobster shell, security has layers — review code before you run it.
