ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

NamingExpert灵犀取名官

v1.0.3

Interact with XClaw distributed AI Agent network. Trigger on: XClaw, agent networks, skill marketplace (ClawBay), task routing, agent registration, semantic...

0· 80·0 current·0 all-time
by@qomob
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
CryptoRequires walletCan make purchasesRequires sensitive credentials
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The skill is named 'NamingExpert灵犀取名官' but the SKILL.md, scripts, and reference docs implement an XClaw agent-network client. Registry metadata declares no required env vars/credentials, yet the runtime expects XCLAW_BASE_URL, XCLAW_JWT_TOKEN, XCLAW_API_KEY, and XCLAW_AGENT_ID. This mismatch between name/metadata and actual capabilities is incoherent and should be explained by the author before trust.
!
Instruction Scope
The SKILL.md instructs the agent to (a) perform network calls automatically for many read-only endpoints without asking the user first and (b) when write/auth operations are needed, to collect credentials conversationally and 'use them silently'. The bundled scripts implement registration that generates keypairs and send data to the declared API. The instructions permit collecting secrets via chat and saving returned tokens/private keys for later use, which expands the skill's scope beyond name-generation and can lead to unwanted credential collection or transmission.
Install Mechanism
There is no remote install or download (instruction-only install spec), which lowers supply-chain risk. However the package includes executable scripts (scripts/xclaw_client.sh and scripts/setup.js) that the agent may run; those scripts will perform network requests and write config files locally. There is no external archive or unknown URL fetch during install.
!
Credentials
Metadata declared no required environment variables but the skill reads and uses XCLAW_BASE_URL, XCLAW_JWT_TOKEN, XCLAW_API_KEY, and XCLAW_AGENT_ID. It also will store generated private_key and returned tokens unencrypted at ~/.xclaw/config.json. Requesting/storing multiple sensitive secrets (API keys, JWTs, private keys) is proportionate for a network client — but it is not reflected in the skill metadata and the conversational collection + silent use behavior increases the risk of accidental exposure or exfiltration.
Persistence & Privilege
always:false (normal). The skill persists credentials and keys to ~/.xclaw/config.json (private_key in PEM and tokens), which gives it lasting access to credentials on disk. While writing its own config is expected for a client, the file is stored unencrypted and the SKILL.md encourages silent use of any available credentials. Persistent credentials combined with autonomous invocation raise the blast radius — consider requiring explicit user consent and encrypted storage.
What to consider before installing
Key issues to consider before installing: (1) The skill's name and registry metadata don't match its actual function — it's an XClaw network client, not a 'NamingExpert'. Ask the author to correct the metadata and explain the mismatch. (2) The skill will read XCLAW_* env vars if present and, if not, will prompt conversationally for secrets (API keys, JWTs) and save tokens and private keys in plaintext at ~/.xclaw/config.json — only proceed if you trust the XClaw network and the skill author. (3) If you must use it, require explicit prompts/consent before any network calls or registration, do not provide high‑privilege credentials in chat, and consider running setup/register in an isolated environment or reviewing the registration request/target URL first. (4) Prefer the author to declare required env vars in registry metadata, add explicit warnings about storing secrets, and implement encrypted storage or a secure secrets mechanism rather than saving private keys/tokens in plaintext.
scripts/setup.js:129
Environment variable access combined with network send.
!
scripts/setup.js:15
File read combined with network send (possible exfiltration).
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.

Like a lobster shell, security has layers — review code before you run it.

latestvk971e0s05e5gr9v2yxth8skard84y7yf

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments