Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Local Guide - Food & Travel

v1.0.0

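Local Guide recommendation skill - uses internet-wide search, bypassing commercial review platforms, to uncover authentic places that locals genuinely endorse. Supports recommendations for many categories, including food, snacks, hotels, attractions, hot springs, and parking lots. Trigger words: 本地通推荐 (local guide recommendations), 本地人推荐 (locals' recommendations), 老字号 (time-honored brands), 地道美食 (authentic local food), 小众景点 (off-the-beaten-path attractions), 性价比酒店 (value-for-money hotels).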

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
! Purpose & Capability
The skill's purpose (web search-based local recommendations and optional Feishu card output) aligns with the included scripts (search_module.py, feishu_card.py, send_feishu_card.py). However the skill metadata declares no required environment variables or credentials while README and the scripts clearly require EXA_API_KEY (core search API) and optionally FEISHU_APP_ID / FEISHU_APP_SECRET for Feishu output. That omission is an incoherence: a search-based skill legitimately needs a search API key, and the FEISHU creds are reasonable for the card-sending feature — but they should be declared in the skill's metadata.
! Instruction Scope
SKILL.md describes automated multi-round web searches and instructs converting results to detailed outputs and, when on Feishu, producing JSON and calling the included send_feishu_card.py. The code implements these behaviors. Two problematic details in the instructions/code: (1) search_module.py uses subprocess.run with shell=True to call an mcporter CLI and constructs the shell command by interpolating user-provided query strings (mcporter call exa.web_search_exa query='{query}' ...). That enables command injection if queries are maliciously crafted. (2) search_module.py inserts '~/.agents/skills' literally into sys.path (tilde not expanded) and attempts to import a local orchestrator; fallback behaviors and assumptions about host tooling (mcporter/search-default) are brittle. The SKILL.md also requires extracting phone numbers/navigation/pricing from arbitrary web sources — that implies scraping and data collection but the instructions do not bound how that data is fetched or sanitized.
Install Mechanism
There is no install spec; this is instruction+script only. No remote downloads or archive extraction are performed by the skill itself. That reduces supply-chain installation risk. The included Python scripts use requests and subprocess but do not attempt to fetch or execute code from untrusted URLs.
! Credentials
The skill metadata lists no required environment variables, but README and the scripts require EXA_API_KEY (core search engine) and optionally FEISHU_APP_ID / FEISHU_APP_SECRET to obtain a tenant_access_token and send Feishu messages. Requesting FEISHU app credentials is proportionate to the Feishu feature, but the credential requirement is omitted from the declared metadata. Also the skill suggests adding EXA_API_KEY to shell profile files; storing API keys in shell rc files is common but has operational security tradeoffs. The skill does not send credentials to unknown endpoints — Feishu calls go to open.feishu.cn and the EXA dependency is invoked via mcporter/exa — but undeclared credentials reduce transparency.
Persistence & Privilege
The skill does not request always:true, does not modify other skills, and does not attempt system-wide configuration changes. It reads environment variables and runs subprocesses in-process; normal for this type of skill. No evidence of attempts to persist or escalate privileges beyond using provided environment variables.
What to consider before installing
What to consider before installing/running:
- Missing declared credentials: The skill metadata did not declare required env vars but the code and README require EXA_API_KEY (search API) and optionally FEISHU_APP_ID/FEISHU_APP_SECRET. Treat those as required if you want full functionality. Ask the publisher to add them to the skill metadata for transparency.
- Command injection risk: search_module.py constructs a shell command with user-supplied queries and calls subprocess.run(..., shell=True). If queries come from untrusted inputs this can lead to command injection. Before running, either run the skill in a sandboxed environment or patch the code to use subprocess.run([...], shell=False) with properly quoted/escaped arguments.
- Feishu credentials: If you provide FEISHU_APP_ID/FEISHU_APP_SECRET, the skill will exchange them for a tenant_access_token and can post messages as the app. Only provide these credentials if you trust the skill and plan to use the Feishu card feature. Consider creating a least-privilege Feishu app or testing in a non-production tenant.
- Provenance & author: Owner ID and homepage are unknown and the README lists a personal author. If you do not trust the source, request the author/publisher to supply provenance, publish the skill in an official registry, or review the code line-by-line.
- Operational recommendations: Run in an isolated environment (container), review/patch these items before use: (1) replace subprocess shell=True usage with safe argument lists, (2) expand/resolve tilde in sys.path insertion, (3) add explicit input validation/sanitization for queries, (4) ensure the skill's declared metadata lists EXA and FEISHU env vars.
- If you need help: ask the publisher to (a) update skill metadata to declare EXA_API_KEY and FEISHU_* env vars, (b) remove shell=True or sanitize inputs, and (c) provide a short privacy note describing what data is sent to EXA or Feishu and whether any scraped data is logged externally.


Tags: food, guide, latest, local, parking, restaurant, travel
