Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
onebot
v1.0.3通过 OneBot HTTP API 使用本地命令(curl)发送 QQ 私聊或群消息。
⭐ 0· 192·0 current·0 all-time
by@jqllxew
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The SKILL.md describes sending OneBot HTTP API requests via local curl, which matches the name/description. However the registry metadata does not declare curl as a required binary and does not declare any primary credential (the OneBot Authorization token is central to operation). This metadata omission is an incoherence: a legitimate OneBot sender would normally list curl and/or a primaryEnv for the token.
Instruction Scope
The instructions tell the agent to construct and run local curl commands that will contact a host:port provided by the user or discovered (127.0.0.1, docker container IP, or other). That implies arbitrary network access from the host where the agent runs. The doc also suggests validating docker container IPs and checking whether Authorization is needed — this could lead to actions beyond simply formatting a message (e.g., inspecting local docker, contacting remote hosts). The SKILL.md claims 'only generate OneBot-related curl commands' but does not technically constrain execution or local discovery steps, leaving room for scope creep or unintended data access.
Install Mechanism
This is an instruction-only skill (no install spec), which is low friction. However SKILL.md lists curl as a dependency while the registry reported no required binaries — metadata should be corrected to include curl to avoid surprises.
Credentials
The skill uses an Authorization: Bearer {token} header in examples and explicitly says to ask the user for the token when contacting non-local hosts, but the registry declares no required env vars or primary credential. Not declaring the token in primaryEnv is inconsistent and makes it unclear how the agent should obtain/secure the credential. The skill may prompt the user for a secret at runtime; that is expected, but the metadata should reflect it.
Persistence & Privilege
Skill does not request always:true, does not install or persist files, and is user-invocable. It does allow the agent to make outbound HTTP requests (via curl) when invoked, which is consistent with its purpose.
What to consider before installing
This skill appears to do what it advertises (format and send OneBot curl requests), but there are a few inconsistencies you should consider before installing or using it:
- Metadata omissions: the SKILL.md requires curl and an API token, but the registry metadata does not list curl as a required binary nor declare a primary credential. Ask the author to update metadata to include 'curl' and a primaryEnv for the OneBot token.
- Network and local access: the skill will run curl against host:port values you provide (and suggests checking docker/127.0.0.1). Only provide hosts and tokens you trust; avoid giving tokens for services you don't want the agent to contact.
- Secrets handling: the skill will prompt for an Authorization token if needed. Prefer configuring tokens in a secure place rather than pasting them into chat if you are concerned about exposure.
- Local files: examples allow sending CQ file/image tokens that reference URLs or local paths — be cautious about allowing the agent to reference local file paths if you don't want local data referenced or sent.
If you proceed: ask the publisher to correct the metadata, and limit the token/host you provide to the minimum scope required. If you prefer not to allow the agent to perform outbound requests autonomously, disable model invocation for this skill or only invoke it manually.Like a lobster shell, security has layers — review code before you run it.
latestvk97c6r3nmps806jkjzw7arj81h84m65p
License
MIT-0
Free to use, modify, and redistribute. No attribution required.