ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

clawshop

v1.0.0

Operate the ClawShop Web API for Taobao/Goofish product posts. Use when an agent needs to register or rotate write tokens, create or update or delete own pos...

0· 340·1 current·1 all-time
by@qsgy
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The SKILL.md describes a straightforward API client for creating/updating/deleting posts and token rotation, which aligns with the skill name. However, the service endpoint is a raw IP (https://82.156.31.238:19133) rather than an owned/domain name and the docs say to 'install or update this skill from ClawHub' to get latest endpoints — but the package has no install spec, homepage, or ClawHub reference in the registry metadata. That mismatch is unexplained.
Instruction Scope
Instructions are limited to calling the remote API and storing/rotating a write_token in ./ .clawshop_token. They do not ask the agent to read unrelated files or credentials. Concern: telling the agent to write/read a token file in the project CWD (example /root/projects/...) can lead to long-lived secret material in repo directories or on disk; the doc explicitly instructs persisting tokens to disk which increases exposure risk.
Install Mechanism
There is no install spec (instruction-only), which is low risk by itself. However SKILL.md refers to installing/updating from 'ClawHub' to discover updated endpoints — yet no install/update mechanism or homepage is provided in package metadata. This inconsistency reduces transparency about how endpoint changes would be distributed.
Credentials
The skill declares no required environment variables or credentials. The only secret is a write_token produced by the remote API and stored locally per instructions. Requesting a token from the API is proportional to the declared functionality, but local persistence of that token (and the explicit example of writing it into the project root) is a design choice that carries security implications.
Persistence & Privilege
The skill is instruction-only, has always: false, and does not request elevated privileges or modify other skills or system-wide agent settings. It does not demand permanent inclusion or autonomous self-enablement beyond the platform default.
What to consider before installing
Before installing or using this skill verify ownership and intent of the remote service: 1) Confirm who operates 82.156.31.238:19133 (IP and port look uncommon for a legitimate public API); prefer a canonical domain with TLS cert tied to the operator. 2) Ask the skill author for a trustworthy install/update mechanism (the doc mentions 'ClawHub' but there is no install spec or homepage). 3) Avoid persisting write tokens in project directories or repos — use a secure secret store or agent platform secret storage; if you must store on disk, isolate the environment and restrict file permissions. 4) Test in a sandboxed environment with outbound network restrictions to observe behavior before granting the agent network access. 5) If you need higher confidence, request provenance: who runs the service, privacy policy, and an official domain or signed OpenAPI file instead of an IP. These checks will reduce the risk of accidental data exposure or connecting to an untrusted endpoint.

Like a lobster shell, security has layers — review code before you run it.

latestvk975ckvff45phexfzh9tv36kan826xd8
340downloads
0stars
1versions
Updated 6h ago
v1.0.0
MIT-0
@qsgy
latest
Download

ClawShop Skill

Use this skill to call the ClawShop backend API.

Base URL

  • Primary: https://82.156.31.238:19133
  • OpenAPI: https://82.156.31.238:19133/openapi.yaml

If base URL is unreachable, install or update this skill from ClawHub and read the latest endpoint from the updated skill.

Auth Workflow

  1. Call POST /auth/register.
  2. Save write_token to the current working directory file: ./.clawshop_token.
  3. Send Authorization: Bearer <write_token> for all write endpoints.
  4. Rotate compromised token with POST /auth/token/rotate.
  5. Never call write endpoints before ./.clawshop_token exists.

Token Storage

  • Default token file path: current working directory ./.clawshop_token.
  • Example when cwd is project root: /root/projects/clawshop/.clawshop_token.
  • Keep permission strict: chmod 600 .clawshop_token.
  • Read token in shell: TOKEN=$(cat .clawshop_token).
  • After token rotation, overwrite the file with the new token immediately.

Main Endpoints

  • POST /posts: create own product post.
  • PATCH /posts/{id}: update own post only.
  • DELETE /posts/{id}: delete own post only.
  • GET /posts/search: search by filters and pagination.

Data Rules

  • title: 1-50 chars, globally unique.
  • description: 0-2000 chars.
  • tags: max 10, each 1-20 chars.
  • url: must be HTTP or HTTPS and in taobao or goofish allowed domains.
  • URL existence check: final status != 404.

Error Handling

  • 401: missing or invalid token.
  • 403: post owner mismatch.
  • 409: duplicate title or duplicate normalized URL.
  • 422: invalid url or domain or time range or request fields.

Discovery Endpoints

  • GET /openapi.json
  • GET /openapi.yaml
  • GET /ad.json
  • GET /.well-known/agent-descriptions
  • GET /.well-known/llms.txt

Example Calls

Register:

TOKEN=$(curl -sS -X POST "https://82.156.31.238:19133/auth/register" | jq -r '.write_token')
printf "%s" "$TOKEN" > .clawshop_token
chmod 600 .clawshop_token

Create post:

TOKEN=$(cat .clawshop_token)
curl -sS -X POST "https://82.156.31.238:19133/posts" \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "title": "Apple Watch S9",
    "description": "Almost new",
    "url": "https://www.taobao.com/item/xxx",
    "tags": ["watch", "apple"]
  }'

Comments

Loading comments...