ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

japan-korea市场政策查询Skill

v1.0.0

提供日韩市场政策、法规及投资环境的智能查询与分析,支持多语言和多数据源配置。

0· 64·0 current·0 all-time
by@yezhaowang888-stack

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for yezhaowang888-stack/huimai-japan-korea-policy.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "japan-korea市场政策查询Skill" (yezhaowang888-stack/huimai-japan-korea-policy) from ClawHub.
Skill page: https://clawhub.ai/yezhaowang888-stack/huimai-japan-korea-policy
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install huimai-japan-korea-policy

ClawHub CLI

Package manager switcher

npx clawhub@latest install huimai-japan-korea-policy
Security Scan
Capability signals
Requires sensitive credentials
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The name, README, and SKILL.md all describe a policy-query/analysis skill for Japan/Korea and recommend configuring external data sources (API keys). The actual index.js is a self-contained, simulated implementation that does not call external APIs or require credentials. That is coherent with a stub/demo but inconsistent with claims about DeepSeek v4 integration and live data collection.
Instruction Scope
SKILL.md contains ordinary installation and configuration instructions and recommends storing data-source credentials in environment variables. It does not instruct the agent to read unrelated system files or exfiltrate data. However, the skill metadata lists no required env vars while README/SKILL.md recommend several (INVESTMENT_API_KEY, TRADE_API_KEY, etc.), creating a discrepancy between instructions and declared requirements.
Install Mechanism
No install spec is present (instruction-only), and package suggests an npm package name. There are no downloads from arbitrary URLs or extract operations. This is low-risk from an install-mechanism standpoint.
!
Credentials
The package and documentation expect API keys for multiple data sources (investment, trade, tax, labor, environment), but the skill manifest declares no required environment variables or primary credential. That mismatch may lead users to supply sensitive credentials without a clear manifest-level justification. The code itself currently uses placeholder strings (no immediate exfiltration), but supplying real keys would be necessary for live use — verify where and how keys are used before providing them.
Persistence & Privilege
always is false and the skill does not request persistent or cross-skill privileges. There is no code that modifies other skills or system-wide configuration.
What to consider before installing
This package appears to be a demo/stub rather than a fully integrated data connector. Before installing or providing API keys: 1) Review index.js — it returns simulated data and currently contains coding errors (bad browser-export identifier and placeholder strings) so it may not behave as advertised. 2) Do not supply real API keys until you confirm where they will be used; the manifest declares no required env vars even though README/SKILL.md mention many (INVESTMENT_API_KEY, TRADE_API_KEY, etc.). 3) Run the package in a sandbox or isolated environment first and inspect network activity to ensure it only contacts the data sources you expect. 4) If you need a production connector, request evidence of maintained code (fixes for naming/typo issues, real integration tests, a homepage or repository) or prefer a package with documented, auditable external integrations. If you are not comfortable auditing code yourself, avoid supplying sensitive credentials to this skill.

Like a lobster shell, security has layers — review code before you run it.

huimaivk97ezysertqe5vzjm60jxxkxnn85ekjjjapan-koreavk97ezysertqe5vzjm60jxxkxnn85ekjjlatestvk97ezysertqe5vzjm60jxxkxnn85ekjjpolicyvk97ezysertqe5vzjm60jxxkxnn85ekjj
64downloads
0stars
1versions
Updated 4d ago
v1.0.0
MIT-0
@yezhaowang888-stack
huimaijapan-korealatestpolicy
Download

日韩市场政策查询Skill

🚀 概述

基于惠迈智能体三层架构的政策查询框架,提供日韩市场政策、法规、投资环境的智能查询和分析。

🌟 核心亮点

  • 惠迈智能体协作:基于惠迈三层智能体架构,支持多源数据整合
  • 惠迈智能体协作:基于惠迈三层智能体架构,确保数据准确性和实时性
  • 多语言支持:支持中文、英文等多种语言
  • 数据源可配置:灵活配置不同数据源,适应各种业务需求

🔧 技术特性

多语言支持

  • 中文(简体)
  • 英文(美国)
  • 自动语言检测和切换

数据源配置

{
  dataSources: {
    investment: '[请替换为您的日韩投资政策数据源]',
    trade: '[请替换为您的日韩贸易法规数据源]',
    // ... 其他数据源
  }
}

📦 安装

# 通过ClawHub安装
clawhub install japan-korea-policy-query

# 或手动安装
npm install japan-korea-policy-query

🔒 安全使用指南

  1. 数据源配置:使用环境变量管理敏感数据源信息
  2. API密钥:不要将真实API密钥写入代码
  3. 权限控制:为数据源配置最小必要权限

支持

如有问题,请提交Issue或联系维护团队。

惠迈智能体:让全球业务变得简单

Comments

Loading comments...