Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

liuyuxin - Local Guide

v1.0.5

Local Guide recommendation skill: uses internet-wide search, bypassing commercial review platforms, to dig out authentic places genuinely endorsed by locals. Supports recommendations of many types: food, snacks, hotels, attractions, hot springs, parking lots and more. Trigger words: 本地通推荐、本地人推荐、老字号、地道美食、小众景点、性价比酒店.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan

VirusTotal: Suspicious
OpenClaw: Suspicious (high confidence)
Purpose & Capability
The skill's stated purpose (local recommendations via web-wide search) lines up with the included scripts, which call a search backend and format Feishu cards. However, the registry metadata declares no required environment variables, while SKILL.md and the scripts clearly require EXA_API_KEY (core search) and optionally FEISHU_APP_ID / FEISHU_APP_SECRET for Feishu output. That metadata mismatch is an incoherence that could surprise users or automated installers.
Instruction Scope
SKILL.md confines its instructions to configuring EXA and optionally Feishu, which is reasonable, but the shipped code expands that scope: search_module.py inserts a path to ~/.agents/skills and attempts to import skill_orchestrator (accessing other local skill code), and has a fallback that runs a constructed shell command via subprocess.run(..., shell=True). The subprocess command embeds the user search query in single quotes but is passed to a shell (shell=True), creating a potential command-injection vector if query strings are not sanitized. The scripts also perform network calls (Feishu API) and will send data externally when FEISHU credentials are configured — this is consistent with Feishu output but should be expected and authorized by the user.
Install Mechanism
There is no install spec (instruction-only skill plus local scripts), so nothing is downloaded during install. The code is included in the skill bundle and uses standard Python requests and subprocess; that is proportionate to the described functionality. No external arbitrary URL downloads or extract operations were found.
Credentials
The skill requires EXA_API_KEY (core search) and optionally FEISHU_APP_ID/FEISHU_APP_SECRET for card sending, but the registry lists no required environment variables. Requiring these secrets is plausible for the declared features, but the metadata omission is an inconsistency that could lead to users not realizing they need to provide credentials. Also, the skill suggests adding EXA_API_KEY to shell rc files (persisting the secret); users should be cautious about storing API keys globally.
Persistence & Privilege
always:false (no forced global presence), and autonomous invocation is allowed (platform default). The skill does not request to modify other skills or system-wide configs. However, it attempts to import from ~/.agents/skills, which reads other skills' code paths and may create unexpected interactions; this is a lateral-access concern (read-only behavior in the code as shown, but worth noting).
What to consider before installing
This skill largely does what it promises (search EXA and format Feishu cards), but there are several red flags you should consider before installing:

- Credential mismatch: The SKILL.md and scripts require EXA_API_KEY (and optionally FEISHU_APP_ID / FEISHU_APP_SECRET), but the registry metadata lists no required env vars. Don't supply secrets unless you trust the skill source.
- Command execution risk: search_module.py may fall back to running a shell command via subprocess.run(..., shell=True) that embeds user-provided queries. If the skill is later invoked with crafted input this could enable command injection. Ask the author to remove shell=True or use a safe subprocess call with an argument list, or sanitize/escape queries.
- Local-skill access: the code inserts ~/.agents/skills into sys.path and tries to import skill_orchestrator, which lets it access other local skill modules. That may be intended for orchestration but increases the blast radius; confirm why the skill needs this and whether it should be limited.
- Network behavior: the skill will make outbound requests to EXA (and optionally Feishu). Only provide EXA/Feishu credentials you trust and consider using limited-scope or dedicated keys. Avoid exporting secrets into global shell rc files if you can use more limited storage.

Recommendations before proceeding:

1) Verify the skill author/source before installing. The package lists no homepage and the owner id is unknown.
2) Ask the author to update registry metadata to declare required env vars (EXA_API_KEY and optional FEISHU_*).
3) Request code hardening: remove shell=True, use subprocess with an argv list, and properly escape/sanitize query inputs; avoid importing arbitrary local skill paths or explain why it's needed.
4) If you must run it, run in an isolated environment or VM and provide minimal, revocable API keys (not your primary account keys). For Feishu, use an app with limited permissions.
5) If unsure, do not set secrets globally; prefer ephemeral or per-session env vars and review network endpoints the skill contacts.


Tags: food, guide, latest, local, parking, restaurant, travel
