ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Coze 工作流执行 / Coze Workflow

v1.1.4

Coze Workflow Executor | Coze 工作流执行技能 Execute Coze workflows with workflow_id and parameters. 接收参数调用工作流,返回执行结果。 Pure invocation layer with no business logic....

0· 342·5 current·5 all-time
bynoah@noah-1106
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
high confidence
!
Purpose & Capability
The declared purpose (invoke Coze workflows) matches the instructions (curl POST to Coze endpoints). However the registry metadata lists no required credentials or config paths, while SKILL.md and the included config.json clearly expect an API key and a base_url — a mismatch between declared requirements and actual needs.
!
Instruction Scope
SKILL.md instructs the agent to read a config at ~/.openclaw/skills/coze_workflow/config.json and/or use environment vars (COZE_API_KEY, COZE_BASE_URL) and to perform network calls to api.coze.cn (SSE or polling). These actions are within the stated purpose, but SKILL.md references local config and env vars that were not declared in the skill metadata, and the bundled config.json sets base_url to a full stream_run URL (inconsistent with examples).
Install Mechanism
No install spec and no code files — instruction-only. This is low-risk from an installation perspective (nothing is downloaded or executed beyond the agent following curl instructions).
!
Credentials
The skill logically needs one secret (Coze API key) and a base URL, but the registry lists no required env vars or primary credential. The included config.json contains an api_key field (placeholder) and a base_url pointing directly at a stream endpoint; requiring secrets but not declaring them in metadata is disproportionate/incoherent. Also storing API keys in plaintext config is risky.
Persistence & Privilege
always:false and no install means the skill won't force permanent inclusion. It does expect a config file under ~/.openclaw/skills/coze_workflow/, which is a normal place for skill config but was not declared in the metadata; there is no indication it modifies other skills or system-wide configs.
What to consider before installing
This skill appears to do what it says (invoke Coze workflows), but its metadata and instructions disagree about where and how the API key and base_url are provided. Before installing: (1) confirm how the agent will supply the Coze API key — prefer platform secret storage or declared environment variables rather than plaintext ~/.openclaw config files; (2) ask the publisher to update registry metadata to declare required env vars/config paths (COZE_API_KEY / COZE_BASE_URL or config path) so permissions are explicit; (3) verify network destination is the official https://api.coze.cn domain and not an unexpected endpoint; (4) avoid placing long-lived credentials in unencrypted skill config; (5) if you do not trust the publisher, do not provide secrets — test with a throwaway key first. The inconsistencies are not proof of malicious intent, but they reduce transparency and increase risk.

Like a lobster shell, security has layers — review code before you run it.

base-skillvk9723cm50q8r5vtzz7esa4edbn82y2ypcozevk9723cm50q8r5vtzz7esa4edbn82y2yplatestvk9723cm50q8r5vtzz7esa4edbn82y2ypworkflowvk9723cm50q8r5vtzz7esa4edbn82y2yp

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments