logicx-skill-test
Warn. Audited by ClawScan on May 10, 2026.
Overview
This looks like a real LogicX API wrapper, but it handles passwords and tokens in ways that could expose them: it defaults to a plaintext HTTP endpoint on a raw IP, prints token-bearing responses into the tool transcript, and ships a helper script that attaches credentials to any URL it is given.
Review carefully before installing. Prefer the browser-binding flow, do not type your password into chat unless you fully trust the service, and avoid using this skill until the endpoint uses HTTPS, token output is redacted, and the helper script enforces a strict LogicX-only URL allowlist.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A mistaken or manipulated request could send the user's LogicX token to a non-LogicX URL.
The helper can be invoked with an arbitrary absolute URL and will still attach LogicX service and user-token headers. That contradicts the intended `/api/proxy/*` scoping and could leak credentials or call unintended endpoints if misused.
Evidence: normalize_url allows `http://*|https://*` paths to be returned as-is, while curl_args include `-H "Authorization: Bearer ${LOGICX_AGENT_SERVICE_KEY}"` and later `-H "X-LogicX-User-Token: ${LOGICX_USER_TOKEN}"`.
Recommendation: Reject absolute URLs in the script, enforce an allowlist for the LogicX base URL and `/api/proxy/*` paths, and only attach credentials after the destination is validated.
Anyone able to observe or tamper with the network path could capture or alter login credentials, tokens, or account actions.
The skill handles user passwords and session tokens but defaults to a plaintext HTTP endpoint on a raw IP address. Sensitive credentials should not be transmitted without TLS.
Evidence: built-in defaults: `LOGICX_BASE_URL=http://43.139.104.95:8070` ... password login body: `{\"email\":\"user@example.com\",\"password\":\"secret\",\"install_id\":\"openclaw-main\"}`.
Recommendation: Use HTTPS on a verified domain, avoid password login where possible, and do not enter a password unless you fully trust the service and transport.
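The two findings above share one fix: the helper must decide the destination before it decides the headers, and the destination must be an HTTPS origin the operator chose, not whatever string the model passed in. The script below is an added example written for this review, not the skill's own helper. It keeps the names quoted in the findings (`normalize_url`, `LOGICX_BASE_URL`, `LOGICX_AGENT_SERVICE_KEY`, `LOGICX_USER_TOKEN`, `/api/proxy/*`); the allowlisted host `api.logicx.example`, the `LOGICX_ALLOWED_BASE` variable and the `build_curl_args` / `reject` helpers are assumptions.

```bash
#!/usr/bin/env bash
# Added example, not the skill's own script. Names quoted in the findings are
# reused; api.logicx.example, LOGICX_ALLOWED_BASE and the helpers are assumed.

# Built-in default quoted in the finding (plaintext HTTP on a raw IP).
LOGICX_BASE_URL="${LOGICX_BASE_URL:-http://43.139.104.95:8070}"
# Hypothetical allowlisted origin: HTTPS on a named host the operator verified.
LOGICX_ALLOWED_BASE="${LOGICX_ALLOWED_BASE:-https://api.logicx.example}"

# Shape of the vulnerable helper: an absolute URL is returned unchanged, so a
# mistaken or prompt-injected "https://attacker.example/x" becomes the target
# and still receives both credential headers from curl_args.
normalize_url_vulnerable() {
  case "$1" in
    http://*|https://*) printf '%s\n' "$1" ;;
    /*)                 printf '%s\n' "${LOGICX_BASE_URL}$1" ;;
    *)                  printf '%s\n' "${LOGICX_BASE_URL}/$1" ;;
  esac
}

# Log the rejection to stderr only; never echo it into a request.
reject() { printf 'refusing non-LogicX target: %s\n' "$1" >&2; }

# Hardened helper: the caller may supply only a relative /api/proxy/ path.
# Scheme and host always come from the allowlist, which itself must be HTTPS,
# so the plaintext default can never be used to build a request.
normalize_url_safe() {
  path="$1"
  case "$path" in
    *://*|//*)     reject "$path"; return 1 ;;   # absolute or scheme-relative URL
    /api/proxy/*)  ;;                            # the only accepted shape
    *)             reject "$path"; return 1 ;;   # /api/admin, bare relative, empty
  esac
  case "$path" in
    *..*|*'@'*|*'#'*|*[[:space:]]*) reject "$path"; return 1 ;;  # traversal, userinfo, fragments
  esac
  case "$LOGICX_ALLOWED_BASE" in
    https://*) ;;
    *) reject "$LOGICX_ALLOWED_BASE"; return 1 ;;   # never emit a plaintext target
  esac
  printf '%s%s\n' "$LOGICX_ALLOWED_BASE" "$path"
}

# Credentials are attached only after the destination passed validation.
# Prints the validated URL and the header arguments one per line for the
# caller to hand to curl; on rejection prints nothing and returns 1.
build_curl_args() {
  url="$(normalize_url_safe "$1")" || return 1
  printf '%s\n' "$url" \
    -H "Authorization: Bearer ${LOGICX_AGENT_SERVICE_KEY:-}" \
    -H "X-LogicX-User-Token: ${LOGICX_USER_TOKEN:-}"
}
```

The ordering is the point: `build_curl_args` cannot reach the `-H` lines unless `normalize_url_safe` already returned a URL rooted at the HTTPS allowlist, so a caller that passes `http://43.139.104.95:8070/api/proxy/...` or any foreign host gets an error on stderr and no request.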
A LogicX session token may appear in logs or model context and remain on disk for reuse across sessions.
The script prints raw API responses before extracting and saving user tokens, so token-bearing responses can enter the agent/tool transcript and are also persisted for future use.
Evidence: `cat "$tmp_body"` ... `save_user_token "$(extract_user_token < "$tmp_body")"` ... `write_state "{\"user_token\":\"$token\"}"`
Recommendation: Redact token fields before printing tool output, store tokens in a credential store or clearly documented state file, and provide a cleanup/logout command.
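The fix is to redact before anything reaches stdout, extract from the unprinted body, and make the persisted token both restricted and removable. The script below is an added example for this review, not the skill's code. It assumes the response field is called `user_token` as quoted in the finding; the state-file path, the `[REDACTED]` marker, the sample response and the helper names are assumptions.

```bash
#!/usr/bin/env bash
# Added example, not the skill's own script. "user_token" comes from the
# finding; the state path, marker, sample body and helper names are assumed.

STATE_FILE="${LOGICX_STATE_FILE:-${TMPDIR:-/tmp}/logicx-state.json}"

# Constructed sample of a token-bearing login response (not real data).
SAMPLE_BODY='{"ok":true,"user_token":"eyJhbGciOi.example.sig","refresh_token":"r-example","profile":{"email":"user@example.com"}}'

# Shape of the vulnerable flow from the finding: the raw body is printed into
# the tool transcript first, then the token is extracted and persisted.
handle_login_vulnerable() {
  cat "$1"
  save_user_token "$(extract_user_token < "$1")"
}

# Blank the value of every JSON key ending in "token" (user_token,
# refresh_token, accessToken, ...) before printing. The key stays visible so
# the agent can still see that a token was issued, just not what it is.
redact_tokens() {
  sed -E 's/("[A-Za-z0-9_]*[Tt]oken"[[:space:]]*:[[:space:]]*")[^"]*(")/\1[REDACTED]\2/g'
}

# Pull the user token out of the body without echoing it anywhere.
extract_user_token() {
  sed -nE 's/.*"user_token"[[:space:]]*:[[:space:]]*"([^"]*)".*/\1/p' | head -n1
}

# Persist the token to a mode-0600 state file, written atomically.
# Assumes opaque tokens (JWT / base64url) that contain no quotes or backslashes.
save_user_token() {
  [ -n "$1" ] || return 1
  (
    umask 077
    printf '{"user_token":"%s"}\n' "$1" > "$STATE_FILE.tmp" \
      && mv "$STATE_FILE.tmp" "$STATE_FILE"
  )
}

# Reuse path for later sessions: read the file, never print it.
load_user_token() { [ -r "$STATE_FILE" ] && extract_user_token < "$STATE_FILE"; }

# Explicit cleanup so the token does not silently outlive the session.
logout_logicx() { rm -f "$STATE_FILE" "$STATE_FILE.tmp"; }

# Hardened flow: what reaches stdout is redacted; the token is taken from
# the unprinted file and stored with restricted permissions.
handle_login_safe() {
  redact_tokens < "$1"
  save_user_token "$(extract_user_token < "$1")"
}
```

`handle_login_safe "$tmp_body"` is the drop-in for the `cat` plus `save_user_token` sequence quoted above; `logout_logicx` is the cleanup command the finding asks for.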
Users may share their account password in chat when a safer browser-binding flow is available.
The default browser-binding reply proactively tells users they can give the agent their username and password. This is disclosed, but it encourages a sensitive credential-sharing pattern.
Evidence (translated from Chinese): "If you don't want to be redirected to the browser, you can also just tell me your username and password directly and I can log you in for you."
Recommendation: Present browser binding as the default and mention password login only after the user explicitly asks, with a warning about credential handling.
