Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

wacai-index-official-website-demand-dev

v1.0.0

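Modifies the official website project code and syncs the requirements document. Used when the user provides a large block of product requirements, a project path and an optional branch: writes it to productdemand.md in the specified project directory, makes an hourly backup first, switches to and updates the target branch, modifies the project code according to the requirements, runs basic checks, finally runs git commit and git push to the remote branch, and after a successful push, via a WeCom webh...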

MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (high confidence)
Purpose & Capability
The skill's name/description (write demand file, backup, switch branch, commit/push, send notification) aligns with the provided scripts: update_productdemand.sh creates an hourly backup and writes the demand file; run_git_flow.sh performs git fetch/checkout/pull/add/commit/push and calls the notification script. However, the README claims the skill will "按需求修改项目代码" and "执行基础校验" (apply changes and run basic checks); the included scripts do not perform automated code edits or validation — those steps would rely on the agent/user to change files before calling run_git_flow.sh. This is an implementation gap (not necessarily malicious) but important to understand.
! Instruction Scope
The runtime instructions and scripts operate on an arbitrary project path and run git commands (fetch/checkout/pull/add/commit/push) and read git history/diffs. That is expected for the stated purpose. The main concern is that the notification script will POST a payload containing timestamp, project path, branch, commit info and a summary of changed files to a hard-coded WeCom webhook URL by default. Sending these repository paths and commit diffs to an external webhook is a non-trivial data exfiltration risk if the webhook is not owned by the user.
Install Mechanism
No install spec; the skill is instruction-only plus small scripts. Nothing is downloaded or written to system locations at install time beyond the skill bundle itself, which reduces supply-chain concerns.
! Credentials
The skill declares no required env vars, but the Python notifier uses an internal DEFAULT_WEBHOOK_URL (a full WeCom webhook key) and will use WECOM_WEBHOOK_URL if set. Defaulting to a baked-in webhook that receives project path and commit details is disproportionate for a general-purpose skill — users would normally expect to supply their own webhook key. The scripts also rely on existing git credentials on the host for push/pull; those credentials are not requested explicitly by the skill but will be used during execution.
Persistence & Privilege
The skill does not request always:true and does not modify agent/system configs. Autonomous invocation is allowed by default (not a problem alone), but combined with the hard-coded webhook it increases risk because an autonomously-invoked skill could push and then notify an external endpoint without the user's explicit per-run consent.
What to consider before installing
This skill will operate on whatever project path you give it: it copies the provided markdown into the repo (backing up hourly), runs git add/commit/push, and then posts a text payload summarizing the push to a WeCom webhook. Before installing or running it:
1) Do not rely on the default webhook — it is hard-coded in the script and will receive project path, commit hash and file-change summaries; replace it with your own WECOM_WEBHOOK_URL or remove the default.
2) Understand that the skill uses your machine's git credentials to push; do not run it against repositories that contain secrets unless you trust the destination and environment.
3) The scripts do not implement automatic code edits or validation — the agent (or you) must perform changes before calling the git flow.
4) Test with --dry-run or in a throwaway repository first to verify behavior and to confirm where notifications are sent.
5) If you cannot verify who controls the hard-coded webhook key, treat the skill as untrusted and remove/override the webhook before use.

Like a lobster shell, security has layers — review code before you run it.
