Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
有色小鑽風 · Nonferrous Daily
v1.2.0 · Daily non-ferrous metals briefing for AI agents. Collects real-time base metals prices (Cu/Zn/Ni/Co/Mg/Bi) from Yahoo Finance, CCMN 長江有色, SMM, and Westmetall...
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan (OpenClaw): Suspicious, high confidence
Purpose & Capability
The skill's stated purpose (multi-source metals price collection + Telegram briefing) matches the included scripts which fetch many public data sources and compose/send a report. However the registry metadata claims 'Required env vars: none' while SKILL.md/README and the code clearly require TELEGRAM_BOT_TOKEN and TELEGRAM_CHAT_ID (and optionally other API keys). That metadata omission is an inconsistency that could mislead users about required credentials.
Instruction Scope
The SKILL.md instructs the agent to run node scripts from the project and to copy/edit a local .env with Telegram credentials; the code performs expected actions: reading .env, scraping numerous public endpoints (Yahoo, CCMN, SMM, Westmetall, Reddit, Google News, etc.), local JSON composition, and posting to Telegram. The scripts read the local .env file and spawn child Node processes (execFile) — behavior consistent with the described workflow. Nothing in the instructions asks the agent to read or exfiltrate unrelated system files, but the skill will make many outbound network requests to third-party sites and will publish the composed report to whichever Telegram chat ID you provide.
Install Mechanism
No install spec (instruction-only) and no package downloads; code is bundled in the skill. No remote archives or opaque installers are invoked. This is lower risk from an installation perspective.
Credentials
The registry lists no required env vars, but README/SKILL.md and multiple scripts require TELEGRAM_BOT_TOKEN and TELEGRAM_CHAT_ID (and document optional METAL_PRICE_API_KEY / ALPHA_VANTAGE_KEY). That mismatch is problematic: the skill needs a secret (Telegram bot token) to operate and will use it to send messages to an external service. Aside from Telegram credentials, the code does not request unrelated secrets. The presence of optional keys in README is reasonable but should be declared in the registry.
Persistence & Privilege
Flags indicate normal privileges (always: false, model invocation allowed). The skill does not request permanent/forced inclusion or attempt to modify other skills or system-wide settings. It reads/writes only within its project folder (.env) and spawns child Node processes as part of its workflow.
What to consider before installing
This skill is functionally coherent with its advertised goal (scraping public metal-price sources and sending a Telegram daily briefing), but there are a few red flags you should consider before installing:
- Registry metadata omission: The registry claims no required environment variables, but the code and SKILL.md require TELEGRAM_BOT_TOKEN and TELEGRAM_CHAT_ID. Expect to provide a Telegram bot token (a secret) and a target chat ID for the skill to post messages. Do not paste tokens into public places.
- Telegram token risks: The provided bot token allows the code to send messages as your bot. Only use a bot token with limited scope and add the bot to a controlled chat or channel. If you want to be cautious, create a dedicated bot and chat for testing.
- Network egress / scraping: The scripts make many outbound requests to third-party sites (Yahoo, CCMN, SMM, Westmetall, Reddit, Google News, Stooq, etc.). This is expected for the purpose but means the host running the skill must allow network access; review whether that is acceptable for your environment.
- Review and run in a sandbox: Because the skill code runs Node.js and spawns child processes, run it first in an isolated environment (local dev machine, VM, or container) and inspect .env.example and code. Confirm there are no hidden endpoints or unexpected destinations in the code you didn't notice.
- Operational reliability: The code contains many site-specific scrapers and tests to bypass Cloudflare-like blocks; this is a reliability concern (breaks if sites change) but not necessarily malicious. Expect maintenance.
- What would change this assessment: if the registry metadata were corrected to declare the required TELEGRAM_* env vars (and optional keys) and the source/repo were a verified/known account (homepage/source present), the classification could be downgraded to benign. Conversely, any evidence of hidden remote endpoints, secret exfiltration, or opaque installers would raise the severity.
Recommended next steps: inspect .env.example, run the scripts locally with dummy tokens to verify behavior (they will error sending to Telegram if tokens are invalid), and limit the bot/chat scope before connecting real channels.
Flagged patterns
- scripts/daily-report.mjs:6 — File read combined with network send (possible exfiltration).
- scripts/fetch-prices.mjs:7 — File read combined with network send (possible exfiltration).
- scripts/send-telegram.mjs:13 — File read combined with network send (possible exfiltration).
About static analysis
These patterns were detected by automated regex scanning. They may be normal for skills that integrate with external APIs (here, the scripts read the local .env and post the composed report to Telegram). Check the VirusTotal and OpenClaw results above for context-aware analysis.
