Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

CFGPU API Skill

v1.1.0

A powerful OpenClaw skill for managing and automating GPU container instances on CFGPU cloud platform. Designed for AI/ML developers, researchers, and conten...

by AIAD @r600a-code
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal
Suspicious
OpenClaw
Suspicious
medium confidence
Purpose & Capability
Name, README, SKILL.md and scripts consistently implement a CLI for CFGPU API operations (region/gpu listing, instance lifecycle, image management). Requesting an API token is appropriate for the stated purpose.
Instruction Scope
Runtime instructions and shipped scripts perform expected API calls, but the helper builds curl commands as strings and calls eval in api_request(), which can enable command injection if inputs (instance names, image IDs, etc.) contain malicious characters. setup-env.sh reads and writes ~/.cfgpu/token and may append export lines to shell rc files — these actions modify user configuration and should be made explicit to users.
Install Mechanism
No install spec; skill is instruction-plus-shell-scripts only. No network downloads or archive extraction at install time are requested, which lowers installation risk.
Credentials
Only CFGPU_API_TOKEN (and optional CFGPU_API_TOKEN_FILE) are used — this is proportionate to a cloud API client. However the scripts automatically persist the token to ~/.cfgpu/token and may add export lines to ~/.bashrc or ~/.zshrc during setup-env.sh, which escalates the scope of environment changes and storage of credentials on disk.
Persistence & Privilege
always:false (normal), but setup-env.sh and package scripts will write files under the user's home (~/.cfgpu/token) and may append exports to shell rc files — persistent modifications to user config. package-for-github.sh references absolute /root/.openclaw/... paths and writes temporary packaging artifacts under /tmp; these assume filesystem access and could reveal host-specific paths.
Scan Findings in Context
[unicode-control-chars] unexpected: SKILL.md contained unicode control characters flagged as prompt-injection patterns. These may be benign formatting artifacts but could also be used to hide or obfuscate instructions; review SKILL.md for invisible characters before trusting contents.
What to consider before installing
This skill's functionality matches its description, but review before installing:

1) Inspect scripts (cfgpu-helper.sh, setup-env.sh, package-for-github.sh) yourself — they will read/write ~/.cfgpu/token and setup-env.sh can append an export to your shell rc.
2) The helper builds curl commands as strings and uses eval — avoid passing untrusted values (e.g., copy-paste instance names) and consider sanitizing inputs; this is a command-injection risk.
3) SKILL.md had unicode-control characters — open it in a hex-aware editor to ensure nothing hidden.
4) Run the skill in an isolated environment (container or dedicated account) first; create a token with minimal privileges and rotate it after testing.
5) If you don't trust the unknown publisher or cannot audit the scripts, do not install on a production workstation.

If you proceed, consider modifying api_request to call curl directly (no eval) and avoid auto-appending credentials to shell rc files.
