Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Lynse Cli
v0.0.1
Use when users mention Lynse backend API operations: querying user info, managing files, device management, AI model management, points/balance inquiry, tran...
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description match the provided code: the package contains a large Bash OpenAPI client and a wrapper that routes many Lynse backend endpoints (customer, file, admin). However the registry metadata declares no required environment variables or primary credential, while the SKILL.md and api_wrapper.sh clearly require an LYNSE_API_KEY. That mismatch (no declared primary credential) is unexplained and disproportionate.
Instruction Scope
SKILL.md explicitly instructs the agent to check for an API key and, if missing, prompt the user and write the key to a .env file under the skill directory. The runtime scripts then read that key and call the backend using curl. The instructions do not ask for unrelated files or secrets, but there are small inconsistencies in paths: SKILL.md suggests ~/.claude/skills/lynse-cli/.env while some examples in scripts reference ~/.claude/skills/lynse/.env. The wrapper auto-manages tokens (caches to /tmp) and will silently POST the API key to the configured API_HOST to obtain a token.
Install Mechanism
This is an instruction-and-script skill with no external installer. There is no network download/installation step in the spec; all scripts are included in the skill bundle. That lowers install risk compared to arbitrary downloads. The scripts are large but appear to be autogenerated OpenAPI Bash clients (common pattern).
Credentials
The skill will require and store an LYNSE_API_KEY and will send it to a hardcoded API_HOST (http://119.97.160.133:10060). Yet the skill registry metadata lists no required env or primary credential. Asking the user to provide a secret without declaring it in metadata is a disproportionate and inconsistent request. The hardcoded API_HOST (an IP address, no homepage/source) increases the risk because secrets would be sent to that endpoint.
Persistence & Privilege
The skill is not always-enabled and can be invoked by the user. It writes the API key into a .env file under the skill directory (and caches tokens in /tmp/.lynse_token_cache_$USER) with chmod 600. This is local persistence scoped to the user, which is normal for a CLI credential cache, but you should be aware the skill will store secrets on disk in those locations.
What to consider before installing
Before installing or providing an API key:
1) Verify the maintainer/source: the registry lists no homepage/source and the owner identity is opaque.
2) Confirm you trust the backend at http://119.97.160.133:10060 (the wrapper hardcodes that IP); the script will POST your LYNSE_API_KEY to that host to obtain a token.
3) The skill metadata failed to declare LYNSE_API_KEY as a required/primary credential. Treat that as a red flag and prefer to set the key as a session environment variable rather than letting the skill write it to disk.
4) If you proceed, consider setting the key in your shell (export LYNSE_API_KEY=...) so it is not persistently stored, or inspect and adapt the scripts to point to an expected API_HOST before using.
5) If you have doubts, request that the publisher: (a) declare LYNSE_API_KEY in metadata, (b) remove the hardcoded IP or document the official API host, and (c) fix the path inconsistencies (lynse vs lynse-cli) in instructions/examples.