ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

chip-trade-skills

v1.0.0

Connects local ERP inventory with IC Trade Navigator API for real-time IC pricing, risk scores, and trade advice without exposing your financial data.

0· 27·0 current·0 all-time
byJayictw@oppstie
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
CryptoCan make purchases
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The code and SKILL.md implement exactly the advertised capability: read local inventory (part number + qty), call a remote /v1/quote endpoint, merge the results, and expose MCP tools. However the registry metadata at the top incorrectly lists no required environment variables or primary credential while both the SKILL.md and mcp_connector/config.py require QUOTE_ENGINE_URL and QUOTE_ENGINE_API_KEY — an inconsistency that should be resolved before trusting the skill.
!
Instruction Scope
Runtime instructions and code are narrowly scoped (read inventory, call quote API, merge locally). Concerns: (1) SKILL.md recommends embedding QUOTE_ENGINE_API_KEY in claude_desktop_config.json env — that places the API key in a file which may be read by other local users/processes or get checked into backups; (2) the privacy guarantee relies on column-name based blocking; if your spreadsheet uses nonstandard/obfuscated headers the heuristics could miss pricing columns (the code uses keyword matching and a whitelist approach, which is good but not infallible); (3) server.py is present (not fully shown) and will run a local MCP process — you should audit it to ensure it does not accept unexpected incoming connections or perform extra network calls beyond /v1/quote.
Install Mechanism
There is no formal install spec in the registry (lowest disk-write risk). SKILL.md asks users to pip install httpx and openpyxl — typical Python deps. No third-party downloads or archive extraction are present in the manifest. Still, because this runs a local Python process (server.py), you should audit that file before launching.
!
Credentials
The manifest at the top claims 'Required env vars: none', but both the documentation and code require QUOTE_ENGINE_URL and QUOTE_ENGINE_API_KEY (and optionally ERP_EXCEL_PATH / CONNECTOR_TIMEOUT). Requesting an API key and endpoint is proportionate to the stated purpose, but the metadata omission is misleading and increases risk (users might install without providing credentials, or accidentally store keys in config files). The MCP config example also suggests placing the API key in a JSON config — this is convenient but increases exposure.
Persistence & Privilege
always: false and disable-model-invocation: false (normal). The skill runs as a normal local MCP server process when invoked; it does not request permanent 'always' inclusion. Still, running a long-lived local server process means the API key will reside in process memory and possibly in startup configuration files — treat that as sensitive and run under a least-privilege account.
What to consider before installing
This connector appears to implement what it says (it reads part numbers locally and calls a remote quote API), but exercise caution before installing: - The registry metadata is inconsistent: the code requires QUOTE_ENGINE_URL and QUOTE_ENGINE_API_KEY even though the manifest lists none. Expect to provide those env vars. - Do not paste your real API key into shared JSON/config files that may be checked into backups (the example suggests adding the key into claude_desktop_config.json). Prefer setting environment variables at runtime or using a secrets store. - Audit mcp_connector/server.py before running it to confirm it only exposes local MCP endpoints and does not accept arbitrary inbound network requests or perform unexpected network activity. - Verify the QUOTE_ENGINE_URL domain (api.ic-navigator.com or any self-hosted URL) is trustworthy; the connector will send part_number and qty to that endpoint. If you need to avoid any network calls, do not run the connector. - Confirm your spreadsheet column headers are covered by the connector's price-detection heuristics (the code blocks common price keywords, but strange/obfuscated headers may bypass detection). Consider running the connector in a controlled environment first and inspect outbound requests (e.g., with a network proxy) to confirm only part numbers/qty/lang are sent. If you cannot validate the endpoint or do not want to expose part numbers externally, do not install/run this skill. If you proceed, run it under a non-privileged account, avoid storing secrets in shared files, and review the server code and network traffic.

Like a lobster shell, security has layers — review code before you run it.

latestvk975ssedk94h22awzcmtddghm18464v2

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments