Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

流体网络求解器

v1.0.0

流体网络求解与分析工具。输入TOML格式的网络描述，计算压力流量分布，分析负载状态和连通性。 Use when: 需要分析液压、环控、化工等流体网络系统的工况。 NOT for: 瞬态流动分析、可压缩流体。

⭐ 0· 462·0 current·0 all-time

by@redflag666

MIT-0

Download zip

LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.

Security Scan

VirusTotal

Benign

View report →

OpenClaw

Suspicious

medium confidence

ℹ

Purpose & Capability

The name/description (flow-network solver) match the code (parser, solver, analyzer). However the SKILL.md claims an 'instruction-only' skill while the bundle actually contains a full Python implementation (run.py, skill.py, src/, tests) and a large vendored virtualenv (venv/). That mismatch is an incoherence: either the metadata is wrong or the publisher packaged source incorrectly. The presence of a full venv is disproportionate to a simple instruction-only wrapper and increases surface area.

ℹ

Instruction Scope

SKILL.md describes accepting a TOML string via JSON and returning JSON results; the code implements exactly that (skill.py reads JSON from stdin). No instructions request unrelated files or credentials. Caveats: the included CLI (src/cli.py) accepts a file path and will read arbitrary files supplied to it — which is reasonable for a CLI tool but means a caller could cause the skill to read local files if given a path. The SKILL.md does not mention the CLI mode; that omission is a scope/documentation mismatch that could be abused if the agent or user supplies file paths.

Install Mechanism

No install spec is declared (the registry says instruction-only), but the package contains many code files plus a full venv with vendored site-packages (click, numpy, pip, etc.). There is no external download, but bundling a virtualenv increases disk footprint and attack surface (third-party code included inside the skill). This packaging choice is unusual and should be questioned: why ship a complete venv instead of a small source tree and a requirements list?

✓

Credentials

The skill declares no required environment variables, no credentials, and the code does not reference external secret env vars. That is proportionate to its purpose.

✓

Persistence & Privilege

always is false and the skill does not request elevated platform privileges or modify other skills. It does not appear to persist or self-enable beyond normal files in its bundle.

Scan Findings in Context

[unicode-control-chars] unexpected: The pre-scan flagged unicode control characters in SKILL.md (prompt-injection pattern). For a solver skill this is unexpected. It may be harmless (e.g., invisible formatting) but should be inspected because such characters can be used to manipulate parsers or evaluation contexts.

What to consider before installing

This skill's functionality (TOML → solver → JSON) appears legitimate and the source code implements the described behavior, but there are a few red flags to consider before installing: - Incoherent packaging: SKILL.md claims 'instruction-only' but the bundle includes full source and an entire venv with vendored third-party packages. Ask the publisher why the virtualenv is bundled and whether the code has been audited. Consider requesting a minimal source-only release. - Inspect SKILL.md for hidden characters: the scanner found unicode control characters — open the SKILL.md in a hex-aware editor or run a small script to show non-printable characters. - Audit vendored dependencies: the venv contains many third-party packages; verify versions and signatures. Bundled dependencies increase risk of outdated or tampered packages. - Review CLI/file-reading behavior: the CLI can read arbitrary file paths. If you or an agent run the CLI with an attacker-controlled path, it could disclose local files. Only run in a controlled/sandboxed environment or ensure inputs are validated. - Run tests in an isolated environment: execute the included tests and a static scan (e.g., search for network calls, subprocess, eval, open with sensitive paths) before using on sensitive data. - Ask for provenance: there is no homepage and the source is 'unknown' — prefer packages with traceable source/repos or signed releases. If you want, I can (1) produce a short script to detect non-printable characters in SKILL.md, (2) produce a checklist of files to inspect in the venv, or (3) run a quick static scan of the repo for network I/O / subprocess / eval usage (reporting suspicious lines) if you provide the files.

✗

venv/Lib/site-packages/numpy/_core/arrayprint.py:1568