Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

skills-security-scanner

v1.0.0

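Audit and scan skills for security. Use this tool to verify a new skill's security before enabling it, ensuring it complies with security policy.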

by qihuang @qihuang0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (high confidence)
Purpose & Capability
The description says this audits/scans skills (and the SKILL.md repeatedly mentions a local analysis service), which is plausible. However, the script imports a Volcengine SDK and builds requests to open.volcengineapi.com (and signs requests with AK/SK). The registry declares no required credentials or secrets even though the script requires access keys or a config.json with credentials to upload. Asking for cloud credentials is not aligned with the 'local' wording and the metadata.
Instruction Scope
SKILL.md instructs the agent to run scripts/scan.py with absolute paths and to ensure scripts/config.json exists (or use env vars). The script will zip and upload the entire target skill directory (or archive) to a scan endpoint. That means arbitrary skill source code and files are transmitted. SKILL.md frames this as a local service, but the code defaults to a remote cloud API—so the instructions understate where data may go.
Install Mechanism
This is an instruction-only skill with a provided Python script (no install spec). The script imports third-party packages (requests and a volcengine SDK) that are not declared; there is no install step to ensure dependencies are present. The lack of an install spec keeps install-time risk low, but execution may fail or behave unexpectedly if required libraries are missing.
Credentials
No required environment variables or primary credential are declared in the registry, yet the script expects access key/secret (AK/SK) via scripts/config.json or environment variables and uses SignerV4 to sign upload requests. Requesting cloud credentials to upload arbitrary code is high-sensitivity and is not justified or declared by the skill metadata or description.
Persistence & Privilege
The skill is not always:true and does not request persistent system-level access. It can be invoked autonomously (the platform default), which combined with the credential/upload behavior increases risk, but the skill itself does not claim elevated persistence privileges.
What to consider before installing
This skill will ZIP and upload entire skill directories to a scan API and requires access keys (AK/SK) supplied by scripts/config.json or environment variables, yet the registry lists no required credentials and the README implies a local service. Before installing:

(1) Ask the author which endpoint will receive the uploads and request that the endpoint be explicit (local vs cloud) and documented.
(2) Do not provide real cloud credentials; use a throwaway/test account if you must trial it.
(3) Inspect scripts/config.json and the full script to confirm upload_url and signing behavior.
(4) If you must run it, run in a sandbox or isolated environment and test with non-sensitive sample skills first.
(5) Consider asking the maintainer to declare required env vars in metadata and to add an explicit opt-in step that shows the upload destination before transmitting code.
