Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
aaa
v1.0.0
Use when the user mentions wos, WOS, WoS, or Web of Science and wants topic-based literature search, Shenzhen University library login, paper screening, abst...
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The SKILL.md is clearly about searching Web of Science and writing results to Feishu Base via a local lark-cli; that capability aligns with the description. However, the registry metadata does not declare required binaries (e.g., lark-cli, potentially playwright-cli) or any required credentials even though the instructions explicitly rely on them. The skill package name 'aaa' in metadata also doesn't match the internal skill name 'wos-feishu-literature' (minor coherence issue).
Instruction Scope
The runtime instructions are explicit and constrained to the stated task: run preflight questions, enter WoS via the SZU library route, pause for any interactive 2FA, collect and screen records, and write via local lark-cli. The playbook explicitly forbids persisting user passwords and requires pausing when verification is needed, which limits risky behavior. No instructions attempt to read unrelated host files or exfiltrate data to unknown endpoints.
Install Mechanism
This is an instruction-only skill with no install spec or embedded code, which is low-risk from an installation perspective. Nothing is downloaded or written by the skill bundle itself.
Credentials
The skill declares no required env vars or binaries, yet the playbook assumes presence of local tooling and credentials: lark-cli (with --base-token / auth), possibly playwright-cli and the user's Shenzhen University credentials or session. That mismatch is notable: the skill will require the user's Feishu base token or a logged-in lark-cli session and may expect a SZU login flow. Users should not assume the skill is self-contained; sensitive tokens/credentials will be needed at runtime and are not declared in metadata.
Persistence & Privilege
The skill does not request permanent 'always' inclusion and does not claim to write to other skill configs or system-wide settings. It instructs not to persist passwords and to pause for interactive auth, which reduces privilege concerns. Note: model invocation is enabled (default), which lets the agent call the skill autonomously; this is normal but the user should be aware the agent might attempt operations if given runtime permission.
What to consider before installing
This skill appears to do what it says (search WoS and write to Feishu via lark-cli), but there are some mismatches you should resolve before use: 1) The metadata lists no required binaries or env vars, yet the instructions depend on local lark-cli and optionally playwright-cli — ensure those tools are installed and up-to-date. 2) The workflow will require Shenzhen University credentials (or interactive login) and a Feishu base token/session; do not paste passwords or codes into chat and prefer interactive login as the playbook recommends. 3) Confirm you trust the environment that will run the agent (local CLI calls will be executed by the agent if you permit it). 4) If you want a tighter security posture, request that the skill owner add explicit metadata for required binaries and a clear statement of what runtime secrets are needed, or run the workflow manually following the playbook instead of giving the agent permission to execute commands. If you accept these caveats, the skill is functionally coherent; if not, treat it as untrusted.
Like a lobster shell, security has layers — review code before you run it.
latestvk97dq9wc02vpjytmejsb4w2ndd84s2aq
