Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

fn-knock MCP Server

v1.0.1

Manage fn-knock gateway via its admin API — reverse proxy, DDNS, SSL/ACME, tunnels (FRP/Cloudflared), scanner, whitelist, and more. Requires fn-knock running...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan

VirusTotal: Suspicious
OpenClaw: Benign (medium confidence)
Purpose & Capability
The skill claims to manage fn-knock via its admin API and all declared requirements (python3, optional FN_KNOCK_HMAC_SECRET, access to localhost:7998) are coherent with that purpose. There are no unrelated credential requests or external service tokens demanded by the SKILL.md.
Instruction Scope
The SKILL.md instructs running a Python MCP server and resolving the HMAC secret using env var, a credential file, or 'automatic detection' by fetching/parsing the local fn-knock web UI. Automatic HTML/header scraping of localhost is within the skill's stated purpose, but it is a sensitive action (it reads a secret). The docs also instruct the user to inspect browser DevTools to find headers/secret — this is manual guidance but signals the server will need access to that secret at runtime.
Install Mechanism
This is an instruction-only skill (no install spec), so nothing is written to disk by the skill itself. The README tells users to pip install packages (mcp, requests) and run python -m fn_knock_mcp.server. Installing third-party PyPI packages is normal for a Python tool but has inherent supply-chain risk; the skill does not pin or provide a trusted upstream URL or checksum.
Credentials
The skill doesn't require unrelated credentials. It recommends FN_KNOCK_HMAC_SECRET and FN_KNOCK_BASE_URL which are appropriate for authenticating to the admin API. The automatic-secret-detection mode reduces the explicit need to set an env var but increases the chance the assistant will access/parse local endpoints to obtain secrets — this is proportional to the admin task but should be treated as sensitive.
Persistence & Privilege
The skill does not request always: true and does not instruct modifying other skills or system-wide settings beyond adding its own MCP server entry to OpenClaw config. That behavior is expected for an MCP server plugin and is proportionate.
Assessment
This skill appears to do what it says: manage a local fn-knock admin API. Before installing or enabling it, consider the following:
1) Secrets: supply the FN_KNOCK_HMAC_SECRET yourself (env var or credential file) rather than relying on the 'automatic detection' option, so the assistant/tool does not fetch and parse local pages to find secrets.
2) Package install: the SKILL.md tells you to pip install 'mcp' and 'requests' — verify the package source and name on PyPI (or install from a vetted source).
3) Network exposure: running python -m fn_knock_mcp.server will start a process that talks to your local fn-knock admin API; ensure it is bound to localhost and not exposed to untrusted networks.
4) Least privilege: grant only the minimum necessary access (local host only) and keep the credential file permissions restricted (chmod 600) as suggested.
5) If you do not trust automatic agent actions, disable autonomous invocation or require explicit user approval before the assistant runs the MCP server or attempts secret auto-detection.
If you want higher assurance, request the skill's source (PyPI project or repository) and a pinned release before installing.

Runtime requirements

Runtime: Clawdis
OS: Linux
Any bin: python3