Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Netease Music Pusher
v1.0.0 · Logs in to NetEase Cloud Music automatically via SMS verification code, then fetches and pushes personalized daily recommendations and public chart song information on a schedule.
by evan@t-evan
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan (OpenClaw): Suspicious, medium confidence

Purpose & Capability
The name/description match the included Python clients: sending SMS captcha, logging in, fetching personalized daily recommendations and public toplists. Required dependency (cryptography) and use of music.163.com endpoints align with the stated purpose. No unrelated external services or credentials are requested.
Instruction Scope
SKILL.md instructs running scripts from /root/.openclaw/workspace and the code reads/writes /root/.openclaw/workspace/secrets/netease_cookies.json to persist login cookies. The manifest declared no required config paths, so the instructions reference a secrets path that wasn't declared — this is an inconsistency. Also the static scan flagged a 'base64-block' pattern in SKILL.md (possible prompt-injection payload); the visible SKILL.md is mostly benign, but the presence of a base64-like block in the doc should be inspected manually.
Install Mechanism
There is no install spec (instruction-only), and the only installation instruction is 'pip3 install cryptography' which is proportional to the included Python code that uses cryptography primitives. No arbitrary remote downloads or extract steps are present in the package.
Credentials
The skill requests no environment variables or external credentials. It does require the user to provide a phone number and SMS code at runtime (expected). However, it persists cookies to a secrets file under the workspace; these cookies are authentication tokens and should be treated as sensitive. The manifest did not declare this config path, so confirm you are comfortable with the skill storing tokens in the workspace/secrets location.
Persistence & Privilege
always:false and normal autonomous invocation settings. The skill persists login cookies to a workspace secrets file (expected for login flows) but does not request elevated platform privileges or modify other skills. Persisting cookies is normal for this feature, but it increases the attack surface if the workspace/secrets directory is accessible by other components.
Scan Findings in Context
[base64-block] unexpected: The pre-scan detected a base64-block pattern inside SKILL.md. The provided SKILL.md content shown here is primarily plain text and code instructions; a hidden or embedded base64 block could be a prompt-injection or hidden payload. This is unexpected for documentation and should be inspected manually.
What to consider before installing
This skill generally does what it says: it uses SMS captcha to log in to music.163.com, fetches daily recommendations and public charts, and saves login cookies so you don't re-login every time. Before installing:

1) Inspect the included scripts yourself (they're in scripts/) to confirm there are no hidden network endpoints or obfuscated code.
2) Note the skill will write cookies to /root/.openclaw/workspace/secrets/netease_cookies.json; treat that file as sensitive and ensure only trusted processes can read that directory.
3) The SKILL.md had a base64-block scan hit; check the SKILL.md for any hidden/encoded content.
4) If you want to limit exposure, run the skill in a sandbox or container, or move the cookies path to a location you control, and confirm file permissions.
5) Because the publisher is unknown, prefer manual execution of the login steps and avoid granting broad autonomous privileges until you verify the code.

If you want, I can scan the two script files for any network calls or suspicious constructs in more detail.
