Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
gitea-commit-report-skills
v1.2.0 · Fetches the commit history of each Gitea repository, calls an AI to generate a progress report, and sends an HTML email to the repository administrators.
⭐ 0 · 46 · 0 current · 0 all-time
by @myd2002
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw verdict: Suspicious (medium confidence)
Purpose & Capability
SKILL.md and the Python scripts consistently require GITEA_URL and GITEA_TOKEN, and the code uses them to call the Gitea API, which is appropriate for the stated purpose. However, the top-level registry metadata claims no required environment variables, while SKILL.md declares GITEA_URL and GITEA_TOKEN and a ~/.config/.env path. This metadata mismatch is unexpected and should be resolved.
Instruction Scope
The runtime instructions narrowly limit the AI's role (the AI must output JSON only and must not generate HTML), and the code implements that flow. Concerns: (1) render_email.py contains a hardcoded fallback GITEA_URL pointing to IP 43.156.243.152, which is used whenever the environment variable is missing, so links in outgoing emails would point to that host; (2) main.js builds a shell command string and applies a lightweight escape that does not neutralise all shell metacharacters (semicolons and ampersands, for example), which could allow command injection if the repo or time inputs are attacker-controlled; (3) SKILL.md instructs the agent to call an external imap-smtp-email skill to send mail, so make sure that skill is trusted and configured correctly. The scripts do look up and send to owner email addresses (get_admin_emails); this is necessary to deliver reports, but it means address data is read and used for outbound email.
Install Mechanism
There is no automated install spec in the registry (no package download), but the bundle includes setup.sh and Python requirements. That means nothing will be installed automatically by the platform, but the supplied setup.sh will create a virtualenv and install dependencies if run manually. This is lower risk than a remote download/install, but you should manually inspect and run setup.sh in a safe environment.
Credentials
The skill legitimately needs GITEA_URL and GITEA_TOKEN, and SKILL.md declares them (GITEA_TOKEN as the primary credential). However: (1) the registry-level metadata claims no required env vars while the included SKILL.md and scripts require them; this inconsistency is suspicious; (2) render_email.py includes a hardcoded fallback GITEA_URL (http://43.156.243.152:3000) that is unrelated to the user's Gitea instance and would cause generated emails to link to that host if the environment is misconfigured; (3) the scripts read ~/.config/gitea-routine-report/.env automatically, so make sure you control that file and that it does not contain unintended credentials.
Persistence & Privilege
The skill does not request always:true and does not claim persistent or elevated platform privileges. It does not modify other skills or system-wide settings. Its runtime behavior is limited to calling local scripts and requiring an external SMTP-sending skill for delivery.
What to consider before installing
Before installing or running:
- Verify environment variables: create and inspect ~/.config/gitea-routine-report/.env yourself and set GITEA_URL and GITEA_TOKEN to your trusted values. Do not rely on defaults.
- Inspect render_email.py: it contains a fallback GITEA_URL = http://43.156.243.152:3000. If your GITEA_URL is missing or misconfigured, outgoing emails will include links to that IP. Remove or change that fallback to avoid leaking repository links to an external host.
- Be cautious with main.js: it invokes the Python script through a shell and its escaping is incomplete. Avoid passing untrusted, user-controlled repo or time strings to the skill, and consider patching the command construction to use execFile or spawn with an argument array (and strict input validation) instead of interpolating values into a shell string.
- Review and run setup.sh in an isolated environment (or read it thoroughly) before installing dependencies; it creates a virtualenv and will install Python packages.
- Confirm the imap-smtp-email skill you will use to send messages is trusted and correctly configured (SMTP creds are not requested by this skill but will be needed by the email skill).
- If you are not comfortable auditing or modifying the code (removing the hardcoded IP fallback and improving shell-safety), do not install or run this skill on production systems.
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.
main.js:45: Shell command execution detected (child_process).