Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
kuaidihelp-skill
v1.0.2Assist with express delivery services including shipping cost estimation, logistics tracking, order creation with QR code, and order cancellation.
⭐ 0· 60·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
Name/description align with the code and instructions: the Python script implements quotation, logistics lookup, order creation (QR) and cancel operations against an external kuaidihelp API. However, the registry metadata declares no required credentials while the package ships with a config.json containing an appId/appKey that will be used for API calls; this is unexpected and worth questioning.
Instruction Scope
SKILL.md instructs the agent to run the included Python script with JSON arguments (and to set OPENCLAW_ALLOW_UNSAFE_EXEC to allow execution). The runtime behavior is limited to reading the shipped config.json, optionally reading KUAIDIHELP_API_KEY / KUAIDIHELP_API_ID environment variables, and making HTTPS POSTs to kop.kuaidihelp.com. The mismatch between metadata (no env vars) and SKILL.md (mentions KUAIDIHELP_API_KEY/KUAIDIHELP_API_ID) is a scope inconsistency. The instructions also cause printed payloads which can include keys/signatures.
Install Mechanism
No install spec or external downloads; the skill is instruction-plus-local Python code only. Nothing is fetched from third-party URLs at install time.
Credentials
The repository includes a scripts/config.json containing an appId and an appKey (embedded credentials) and will use these to speak to the service by default. The SKILL.md additionally documents optional environment variables KUAIDIHELP_API_KEY and KUAIDIHELP_API_ID to override them. The registry metadata claiming no required env vars/credentials contradicts the actual behavior. Shipping a hardcoded appKey in repo is a sensitive and disproportionate artifact — it could be abused for outbound requests using that identity or leak into logs/prints.
Persistence & Privilege
The skill does not request persistent 'always' inclusion, does not modify other skills, and does not install system-wide hooks. Autonomous invocation is enabled by default (normal) but not combined with other high-risk privileges.
Scan Findings in Context
[embedded-api-credential] unexpected: scripts/config.json contains appId and appKey values (kop.kuaidihelp.com, appId: 106149, appKey: a9f8db59...). For a network-backed helper this is functionally useful but embedding credentials in the package and printing payloads is unexpected and risky.
What to consider before installing
This skill appears to implement the courier queries and order operations it claims, but there are a few red flags to consider before installing or running it: 1) The package ships with a hardcoded appId/appKey in scripts/config.json — treat these as secrets. They will be used by default to call kop.kuaidihelp.com and may appear in printed payloads or logs. 2) The SKILL.md documents optional environment variables (KUAIDIHELP_API_KEY / KUAIDIHELP_API_ID) but the skill registry metadata lists no required env vars — verify which credential you want the agent to use and remove or rotate any embedded keys. 3) Running the skill causes the agent to execute a local Python script (the instructions set OPENCLAW_ALLOW_UNSAFE_EXEC) and to transmit addresses/phone numbers to an external service; only run in a trusted environment and avoid sending sensitive personal data until you confirm the service/privacy policy. 4) If you plan to use this skill, consider replacing the embedded config.json values with your own credentials, audit the target domain (kop.kuaidihelp.com), and test network calls from a sandboxed environment. If you cannot confirm ownership/trust of the embedded credentials or the service operator, do not install or run the skill with real user data.Like a lobster shell, security has layers — review code before you run it.
latestvk973a4ks77bzvegmmc12cmjxbh84sxf6
License
MIT-0
Free to use, modify, and redistribute. No attribution required.