nicebox-site-manager
PassAudited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill Name: nicebox-site-manager Version: 1.0.1 The skill bundle provides legitimate functionality for managing websites via the NiceBox OpenClaw API. The Python scripts (list_messages.py, publish_article.py, and site_status.py) use standard libraries to perform authenticated HTTP requests to the documented domain (ai.nicebox.cn) and do not exhibit any signs of data exfiltration, malicious execution, or prompt injection.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
An agent using this skill could post content publicly to the user's site before the user has reviewed it, if the user or workflow does not explicitly require draft mode or confirmation.
The publish tool's default action is to publish live content rather than create a draft, and the script has no built-in confirmation step.
parser.add_argument("--status", default="publish", choices=["draft", "publish"], help="Article status")Use this tool only after reviewing the article content; prefer `--status draft` for generation workflows, or add an explicit user approval step before live publishing.
The API key likely grants access to manage the user's NiceBox site, and it would be sent to whatever API base URL is configured.
The skill requires an API key and sends it in the Authorization header; this is expected for the NiceBox API, but the destination can be changed with a base URL override.
Authorization: $AIBOX_API_KEY ... Optional override for base URL: export AIBOX_BASE_URL="https://ai.nicebox.cn/api/openclaw"
Use a least-privilege NiceBox API key if available, keep `AIBOX_BASE_URL` pointed only at trusted NiceBox infrastructure, and rotate the key if it may have been exposed.
A malicious or sensitive site message could appear in the agent context; the agent should not treat instructions inside messages as authoritative.
Site messages and leads may contain untrusted third-party text or personal information, and the skill returns that content directly into the agent-visible output.
List messages, inquiries, or leads from your site ... Output is printed as formatted JSON for easier debugging and agent use.
Treat retrieved messages as untrusted data, avoid storing or sharing them unnecessarily, and ignore any instructions embedded in message contents.