Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
社区运营小助手
v1.2.15有赞口碑圈商家运营自动化技能。用于口碑圈发帖(文字/图片/视频/商品)、活动管理、数据监控、自动提醒、长连接推送。使用场景:商家需要在口碑圈发布内容、管理社区互动、查看运营数据、配置自动任务时触发此技能。需要商户 Key 才能执行操作。
⭐ 0· 38·0 current·0 all-time
byKoubei_Quan@quanceng666
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Suspicious
medium confidencePurpose & Capability
Name/description, CLI and API calls align with a Koubei community operator (publish posts, query data, upload media). However the default API host in scripts/config.json is https://ocg.myfans.cc — not an obvious official Youzan/Youzan-open domain. That host will receive the merchant Key and all API calls; this central configuration is not documented in SKILL.md as a remote endpoint, creating an unexplained third-party dependency.
Instruction Scope
SKILL.md instructs the AI to 'silently' run node scripts/openclaw.js init --key {{key}} to validate and save the Key. The CLI validateKey() issues an HTTP GET to /openclaw/install/check on the configured host with the key in the query string, and saveConfig writes the key into scripts/config.json. The README claims API Key is encrypted, but saveConfig writes plaintext JSON: this is an important mismatch. The CLI also supports uploading arbitrary files/paths (uploadImage/uploadVideo) which will POST file contents to the remote host — if the agent is given file paths it could exfiltrate local files.
Install Mechanism
No external install/downloads; code is included in the skill bundle and invoked via node. No brew/npm downloads or remote installers are used. Risk is from the shipped code's network behaviour, not an external installer.
Credentials
The only secret the skill requests is a merchant Key which is appropriate for the claimed features, but the code sends that Key to the configured host and stores it in plaintext in scripts/config.json. The SKILL.md/README assert 'API Key 加密存储' but the implementation contradicts this. Because the host is an unknown domain, the proportion of exposure (merchant Key sent to and stored for a third party) is not justified by the documentation.
Persistence & Privilege
The skill does not set always: true and does not modify other skills. It does persistently store the provided Key in its own scripts/config.json (local file write). That persistent storage is normal for CLI tools, but the plaintext storage and the 'silent' automatic init step increase privacy risk.
What to consider before installing
This skill appears to do what it claims, but there are red flags you should address before installing or giving it your merchant Key:
- Verify the API host (scripts/config.json default: https://ocg.myfans.cc). Confirm this is an official, trusted endpoint for your Koubei/Youzan account; if not, do not provide your Key.
- The code saves your Key in scripts/config.json in plaintext. The README's claim of encrypted storage is false. Treat the saved Key as exposed.
- The skill's init step is instructed to run 'silently' — prefer to run node scripts/openclaw.js init --key <key> yourself so you control transmission and can observe network traffic.
- Inspect scripts/openclaw.js locally (the file is included). If you keep the skill, consider changing host to the official API domain or removing network calls until you confirm the endpoint.
- Avoid providing highly privileged keys; test with a limited-scope or read-only key first. Do not allow the agent to upload arbitrary local files.
If you cannot confirm the endpoint and storage guarantees, treat this skill as untrusted and do not enter your production merchant Key.Like a lobster shell, security has layers — review code before you run it.
latestvk9754wfam3whtacw8d95m8gdb184t8zk
License
MIT-0
Free to use, modify, and redistribute. No attribution required.