Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
DiDi Ride SKILL
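v1.1.1
Urban mobility service for Chinese cities. This skill must be used whenever the user expresses any transportation need, including hailing a taxi/booking a car/ride-hailing, checking prices, route planning (public transit/driving/walking/cycling), nearby search, and querying orders/driver location/cancelling orders. Keywords: "hail a taxi", "call a car", "go to [place]", "go home", "go to work", "get off work", "check price", "how much", "route", "how to get there", "walk to", "nearby", ...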
⭐ 4 · 779 · 2 current · 3 all-time
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description, required binaries (openclaw, mcporter), and DIDI_MCP_KEY credential align with a DiDi MCP integration. The install spec (npm mcporter) is reasonable for calling MCP endpoints. Minor incoherence: registry metadata lists no required config paths but the instructions explicitly tell the agent to edit ~/.openclaw/openclaw.json and create cron jobs via openclaw — the skill therefore expects write access to OpenClaw configuration and scheduling subsystems that is not reflected in the declared config paths.
Instruction Scope
Runtime instructions direct the agent to read and write local files (assets/PREFERENCE.md, SKILL.md and references/*), edit OpenClaw config (~/.openclaw/openclaw.json), create cron jobs (openclaw cron add), and accept the MCP key via plain chat message. The skill also mandates automatic scheduled (isolated) runs that will execute the full booking flow later. These actions go beyond simple API proxying and introduce persistent state changes and secret handling in chat.
Install Mechanism
Install uses npm install -g mcporter which is a typical registry-based install (moderate risk). There is no arbitrary URL download or archive extraction. The skill does not attempt to install openclaw itself (it requires it to already exist).
Credentials
Only DIDI_MCP_KEY is declared as the primary credential, which is appropriate for the API. However, the SKILL.md encourages users to paste the MCP key directly into chat for the agent to persist, and instructs writing phone numbers and addresses into assets/PREFERENCE.md. The declared requirements omit the implied need to modify ~/.openclaw/openclaw.json and to have permission to create cron jobs — both are sensitive capabilities. Persisting secrets and personal phone numbers in skill files increases exposure risk.
Persistence & Privilege
The skill is flagged always:true (force-included every agent run) and instructs creation of cron jobs that spawn isolated agent sessions later. always:true combined with persistent credential access and file writes raises the blast radius: scheduled tasks plus forced inclusion could cause repeated autonomous actions using a stored MCP key and user preferences. The skill also edits OpenClaw config, which affects the agent environment.
What to consider before installing
This skill appears to implement a genuine DiDi MCP integration, but it asks for and persists sensitive data and gains persistent execution privileges. Before installing:
- Prefer not to paste your MCP key into an open chat. Instead set DIDI_MCP_KEY via openclaw config or an environment variable yourself (openclaw config set / export).
- Review and control write access to ~/.openclaw/openclaw.json and the skill directory; the skill will edit config and assets/PREFERENCE.md (which may store phone numbers and addresses).
- Consider removing or questioning the always:true flag; a mobility skill does not normally need to be force-included in every agent run.
- Be aware the skill will create openclaw cron jobs that run later in isolated sessions (they will execute booking flows using stored data). If you want scheduled bookings, prefer creating cron jobs yourself or require explicit user confirmation before scheduling.
- If you proceed, audit the mcporter package source (npm) and ensure openclaw binary is the official one.
Because of these persistent behaviors and the mismatch between declared config paths and the actual instructions, treat this skill as suspicious and limit its privileges (no always:true, do not paste secrets in chat, restrict writes) unless you are comfortable with the risks.
Like a lobster shell, security has layers — review code before you run it.
latest vk97ab6xcn1dmn4zxgta1kf84kd845mnj
Runtime requirements
🚕 Clawdis
Bins: openclaw, mcporter
Env: DIDI_MCP_KEY
Primary env: DIDI_MCP_KEY
Install
Install mcporter (node)
Bins: mcporter
npm i -g mcporter