Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Siluzan Cso
v1.1.11当用户提问的内容涉及以下内容时,可以使用本SKILL(1)多媒体平台内容(视频/图文)发布与运营(YouTube、TikTok、Instagram、LinkedIn、X、视频号),以及账号授权、数据报表、任务管理;(2)公众号、小红书等内容文案/选题生成——选题/拆解/口播成稿、三库选题;(3)RAG 知识库检索...
⭐ 0· 111·0 current·0 all-time
bySiluzan Dev@sigedev01-bit
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Suspicious
medium confidencePurpose & Capability
The skill's name/description (media publishing, copy generation, RAG retrieval) aligns with the documented commands and references (publish, upload, rag query, planning, etc.). Required credentials and config (API key / JWT token, ~/.siluzan/config.json) are expected for a CLI that talks to a CSO backend. However, there's an incoherence between the top-level manifest in the evaluation header (no required binaries/env) and the included _meta.json which lists requiredBinaries: ["node","npm"] and configPaths: ["~/.siluzan/config.json"]. This mismatch (registry vs _meta.json) should be resolved.
Instruction Scope
SKILL.md instructs the agent/user to run an installer script (bash scripts/install.sh or PowerShell scripts/install.ps1), to run siluzan-cso login, to init (which writes Skill files into AI assistant directories), and to read/write ~/.siluzan/content-library. Those actions will read/write local files and may perform network requests (OAuth in browser, CLI talking to api.siluzan.com). The instructions also reference executing node -e to parse JSON from stdin. These behaviors are coherent with the skill purpose but broaden the surface: installing software and writing into ~/.siluzan and the assistant skill directories are significant; the SKILL.md also references a scripts/ installer that is not present in the file manifest, which is an inconsistency and a red flag.
Install Mechanism
This registry entry has no formal install spec. SKILL.md promises a one‑click installer (scripts/install.sh / scripts/install.ps1) that will detect/install Node.js, install the CLI, register the Skill globally, and guide API key config. However, the provided file manifest does not include the referenced scripts/ directory or install scripts. That mismatch means the documentation expects an installer that isn't bundled here; running an external installer (if obtained from another source) would be higher risk. The _meta.json's 'source' field points to an Azure repo and the homepage is siluzan.com — verify the installer source before executing anything.
Credentials
The skill uses/mentions SILUZAN_API_KEY, SILUZAN_AUTH_TOKEN, and a data-permission flag; those are appropriate for a backend service. It also reads/writes ~/.siluzan/config.json and may write ~/.siluzan/content-library and assistant skill files. Requesting an API key / JWT for a content-operation CLI is proportionate, but note the config path is sensitive (contains credentials). The skill explicitly warns against writing token to shell history and suggests env-var usage — that's reasonable. No unrelated credentials (AWS, GitHub, etc.) are requested.
Persistence & Privilege
always:false (no forced global inclusion). The skill's workflows instruct writing files: initializing skill files into AI assistant directories (siluzan-cso init) and storing config under ~/.siluzan. Those are expected for a CLI-backed skill but grant the skill filesystem persistence in user config and assistant skill directories. This is not unusual for a CLI integration but users should be aware these writes occur.
What to consider before installing
What to check before installing or running anything:
- Do not run any installer script you haven't inspected. SKILL.md refers to scripts/install.sh and scripts/install.ps1, but the packaged files you were given do not include those scripts. Ask the publisher where the installer comes from and inspect its contents (or install the CLI yourself via the official npm package name shown in references: npm install -g siluzan-cso-cli).
- Confirm source authenticity: _meta.json points to https://dev.azure.com/... and homepage https://www.siluzan.com. If you trust that domain/repo, fetch the installer directly from those official locations and review code before execution.
- Installation impact: the CLI and workflows will read/write ~/.siluzan/config.json and may write files into ~/.siluzan/content-library and into your AI assistant skills directory (via siluzan-cso init). Back up any sensitive files before proceeding.
- Credentials: the skill requires an API Key / JWT to operate. Prefer using environment variables (SILUZAN_API_KEY or SILUZAN_AUTH_TOKEN) for CI/automation and avoid copying tokens into shell history. The skill itself warns that setting token via config set --token can leak to shell history.
- Least-privilege: create API keys with minimal permissions needed, and rotate/revoke them if you later uninstall the CLI.
- If you need to proceed: prefer manual install (npm install -g siluzan-cso-cli) after reviewing the CLI source code on the vendor's official repo; do not run arbitrary downloaded/extracted binaries or install scripts from unknown servers.
Why I marked this suspicious: the core functionality and requested env/paths make sense for a content-ops CLI, but the package's documentation references installer scripts that aren't bundled and metadata about required binaries conflicts with the registry header — that inconsistency could be an innocent packaging error, but it also creates risk if users follow opaque installation instructions. Verify the installer and CLI source before running.Like a lobster shell, security has layers — review code before you run it.
latestvk9762q9w04k2kktfx2jkckcdv584ysbr
License
MIT-0
Free to use, modify, and redistribute. No attribution required.