Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
泛微 e-office instant messaging (IM) WebSocket API - private chat, group chat, AI assistant, etc.
v1.0.0 · 泛微 e-office instant messaging (IM) WebSocket API - private chat, group chat, etc.
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The skill's name/description and SKILL.md consistently describe an e-office IM WebSocket client (private/group messages, group management, online status). However the registry metadata earlier stated no required environment variables while the SKILL.md metadata (and README) clearly require EOFFICE_IM_BASE_URL and EOFFICE_IM_TOKEN; this manifest mismatch is an incoherence that should be fixed before trusting the package. The homepage URL appears to be a placeholder (github.com/yourname/...), which reduces confidence in provenance.
Instruction Scope
The runtime instructions stay within IM functionality: connect to a WebSocket, send/receive events, manage groups, query online/offline messages. They explicitly require an IM base URL and an OA token for handshake.auth; they do not instruct reading unrelated files or other environment variables. Examples include AES encryption usage but do not instruct the agent to obtain or exfiltrate unrelated secrets.
Install Mechanism
This is an instruction-only skill with no install spec and no code files that execute on install. That minimizes install-time risk because nothing is downloaded or written by an installer. The README suggests optional cloning/linking steps for manual install, which are normal.
Credentials
The SKILL.md requires two environment values (EOFFICE_IM_BASE_URL and the sensitive EOFFICE_IM_TOKEN). Those are proportionate to an IM integration, but EOFFICE_IM_TOKEN is an OA access token that can permit sending messages, managing groups, and other actions as the authenticated account — a high-impact secret. The registry metadata omitted these requirements, which is inconsistent and concerning.
Persistence & Privilege
always:false (good). The skill allows normal autonomous invocation (disable-model-invocation:false), which is expected. Combined with the required OA token, this means an agent with this skill could autonomously send messages or modify groups using that token; that risk is normal for an IM skill but should be explicitly acknowledged by the operator.
What to consider before installing
Before installing or enabling this skill:
- Verify the source: the homepage URL looks like a placeholder. Confirm the repository and publisher identity and review their code if available.
- Fix the metadata mismatch: the registry entry should declare EOFFICE_IM_BASE_URL and EOFFICE_IM_TOKEN as required env vars so you know what you must provide.
- Treat EOFFICE_IM_TOKEN as a high-impact secret: only provide a token with minimal scope (prefer a dedicated service account or scoped token rather than an admin user's token). Limit what that account can do (send-only, limited group management) where possible.
- Consider operational controls: test in an isolated/dev environment first, require manual confirmation for actions that send messages on behalf of users, and rotate/revoke the token if you remove the skill.
- If you need higher assurance, ask for a non-placeholder upstream repo, signed releases, or a maintainer contact and perform a code review of any implementation before installation.
These steps will reduce the risk that an unknown skill with access to an OA token can send or manage messages unexpectedly.
latest: vk970r873nbyf7zy3985pkz1gpx83eykv