Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

wjx-mcp-use

v0.1.21

Guide for using wjx-mcp-server MCP tools to interact with the Wenjuanxing (问卷星) platform. Use when the user mentions: 问卷, 调查, 收集, 表单, 投票, 考试, 测评, 满意度, NPS, 问...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
Requires sensitive credentials
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The SKILL.md clearly targets Wenjuanxing (问卷星) administration and data operations (create surveys, query/download/clear responses, manage contacts/subaccounts, build SSO links). Those capabilities legitimately require API credentials (WJX_API_KEY), base URL and sometimes a corp ID, but the registry metadata declares no required environment variables or credentials — a transparency mismatch.
Instruction Scope
Instructions stay within the Wenjuanxing domain but include high-impact operations (delete_survey, clear_responses, delete_contacts, add_admin, modify_sub_account, submit_response) and explicitly instruct the agent to avoid exposing tool names/parameters to users. The combination of destructive actions and guidance to hide tool calls reduces transparency and increases risk if misused.
Install Mechanism
This is an instruction-only skill with no install spec or code files. It only optionally mentions installing an external CLI (npm install -g wjx-cli) as a user step — no automatic downloads or archive extraction are specified.
Credentials
The SKILL.md references WJX_API_KEY, WJX_BASE_URL and WJX_CORP_ID and notes config locations (~/.wjxrc), which are appropriate for the declared purpose but are not listed in the skill metadata. These are high-privilege credentials (can read/export/modify/delete surveys and contacts). The omission of declared required env vars reduces visibility into what secrets the skill needs.
Persistence & Privilege
always:false and no persistent install are fine. The skill can be invoked autonomously (platform default). Given the skill's ability to perform destructive/admin actions, consider limiting autonomous invocation or requiring explicit user approval for high-risk operations.
Scan Findings in Context
[no_regex_matches] expected: The static scanner found no code (instruction-only skill). This is expected but means static regex checks could miss risky instructions embedded in SKILL.md — review the prose manually (done here).
What to consider before installing
Before installing or enabling this skill:
(1) Verify the author/source: no homepage or publisher info is provided.
(2) Expect to supply WJX_API_KEY, WJX_BASE_URL and possibly WJX_CORP_ID; confirm these env vars are required in the registry metadata and limit the API key's privileges (use a test/non-production account first).
(3) Be cautious: the guide includes capabilities that can delete or permanently clear surveys, contacts, and responses. Require explicit confirmation for destructive actions.
(4) The instructions tell the agent to hide tool names/parameters from users; if you require transparency, do not enable autonomous invocation, or ask the platform to require user approval for each call.
(5) If you need higher assurance, request that the skill author (a) declare required env vars in metadata, (b) provide a homepage/source, and (c) supply an explicit list of actions that must be approved by the user.


