nicebox-site-manager

Advisory

Audited by Static analysis on Apr 30, 2026.

Overview

No suspicious patterns detected.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

An agent using this skill could post content publicly to the user's site before the user has reviewed it, if the user or workflow does not explicitly require draft mode or confirmation.

Why it was flagged

The publish tool's default action is to publish live content rather than create a draft, and the script has no built-in confirmation step.

Skill content

parser.add_argument("--status", default="publish", choices=["draft", "publish"], help="Article status")

Recommendation

Use this tool only after reviewing the article content; prefer `--status draft` for generation workflows, or add an explicit user approval step before live publishing.

What this means

The API key likely grants access to manage the user's NiceBox site, and it would be sent to whatever API base URL is configured.

Why it was flagged

The skill requires an API key and sends it in the Authorization header; this is expected for the NiceBox API, but the destination can be changed with a base URL override.

Skill content

Authorization: $AIBOX_API_KEY ... Optional override for base URL: export AIBOX_BASE_URL="https://ai.nicebox.cn/api/openclaw"

Recommendation

Use a least-privilege NiceBox API key if available, keep `AIBOX_BASE_URL` pointed only at trusted NiceBox infrastructure, and rotate the key if it may have been exposed.

What this means

A malicious or sensitive site message could appear in the agent context; the agent should not treat instructions inside messages as authoritative.

Why it was flagged

Site messages and leads may contain untrusted third-party text or personal information, and the skill returns that content directly into the agent-visible output.

Skill content

List messages, inquiries, or leads from your site ... Output is printed as formatted JSON for easier debugging and agent use.

Recommendation

Treat retrieved messages as untrusted data, avoid storing or sharing them unnecessarily, and ignore any instructions embedded in message contents.