Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

cloud-doc-intelligent-assistant

v1.0.8

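A multi-cloud documentation crawling and storage tool that supports crawling, local storage, change detection and cross-cloud retrieval of product documentation for Alibaba Cloud, Tencent Cloud, Baidu Cloud and Volcano Engine. This skill does not call large language models; it only handles data collection and diffing, while summaries, abstracts and comparative analysis are produced by the caller (the client-side LLM). When a user's question involves any one of Alibaba Cloud, Tencent Cloud, Baidu Cloud or Volcano Engine, this skill must be called. If ...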

0· 424·1 current·1 all-time
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The name/description claim to fetch public cloud product docs (aliyun, tencent, baidu, volcengine), store them locally, and detect diffs. The included Python modules implement crawling, storage (SQLite/SQLAlchemy), diff detection, caching, async tasks and notifiers, which is coherent with that purpose. It does not call LLMs and does not request unrelated cloud credentials.
!
Instruction Scope
SKILL.md and code instruct the agent to fetch public docs, write to local DB and log files, and send notifications to webhooks. However the skill supports arbitrary webhook URLs configured in config.yaml (and multiple notifier types) while the declared outbound network permissions only list cloud vendor domains plus two environment-derived webhook placeholders (${AIFLOW_WEBHOOK_URL}, ${RULIU_WEBHOOK_URL}). This is an inconsistency: the code can contact arbitrary endpoints from configuration, which could cause data to be transmitted to endpoints not listed in the permissions block.
Install Mechanism
There is no install spec in the registry entry even though the repo includes pyproject.toml, requirements.txt and CLI entry points. The SKILL.md documents pip install and expects Python packages (requests, beautifulsoup4, lxml, sqlalchemy, pyyaml, click). Lack of a formal install step in the skill metadata is an operational/consistency issue (agent/runtime may need those deps present). This is not directly malicious but increases potential for misconfiguration or unexpected failure.
!
Credentials
The skill declares that it reads a small set of env vars (AIFLOW_WEBHOOK_URL, RULIU_WEBHOOK_URL, CLOUD_DOC_MONITOR_LOAD_DOTENV). The code respects opt-in .env loading (CLOUD_DOC_MONITOR_LOAD_DOTENV), which can pull arbitrary secrets from a .env file if enabled. More importantly, notifications can be configured in config.yaml with arbitrary webhook URLs, and the notifier code will POST to them. The skill does not require or read general-purpose SECRET/TOKEN env vars, but the ability to send document content to configurable external webhooks is a privileged action and should be reviewed before enabling.
Persistence & Privilege
The skill writes to local files (SQLite DB under data/, logs/, notifications/, tasks/) and spawns background task threads. It does not request always:true and does not modify other skills. Local persistence is expected for a monitoring tool and is consistent with the declared filesystem permissions.
What to consider before installing
What to check before installing or using:
- Review config.yaml and any notifier entries. If you do not want document content leaving your machine, keep notifications set to file-only and avoid configuring webhook URLs.
- Check any environment variables you plan to set: AIFLOW_WEBHOOK_URL and RULIU_WEBHOOK_URL will be used for outbound posts; if you set CLOUD_DOC_MONITOR_LOAD_DOTENV to enable .env loading, that will import variables from a .env file (and could expose secrets if the .env contains them).
- The code can POST payloads including counts and metadata (and will include document links/titles in markdown), so only point webhooks at endpoints you trust.
- Dependencies must be installed (requests, beautifulsoup4, lxml, sqlalchemy, pyyaml, click). There is no install spec in the registry entry; follow the project's README or pip install steps in SKILL.md and run in an isolated environment if possible.
- If you need stricter enforcement, audit notifier implementations (WebhookNotifier/AiflowNotifier/RuliuNotifier) and restrict allowed notification URLs or sandbox network egress to the cloud vendor domains and approved webhooks.
- Overall: functionality aligns with the description, but configurable notification/webhook behavior and optional .env loading are the primary risks — treat webhook targets as sensitive configuration and verify them before enabling the skill.

Like a lobster shell, security has layers — review code before you run it.



Runtime requirements

📚 Clawdis
Bins: python3
