OpenClaw Capture
Wrap a local openclaw_capture_workflow checkout as an OpenClaw/ClawHub skill that captures links, text, images, and videos, routes STT by platform, and fans...
MIT-0 · Free to use, modify, and redistribute. No attribution required.
by Wu Bo Yu @Etherstrings
Security Scan
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The code and SKILL.md match the described purpose (wrapping a local openclaw_capture_workflow and fanning out results). However the registry metadata claims no required env vars/config paths while the SKILL.md and code require many environment settings (model API key, Telegram bot token, Feishu webhook, legacy project root, backend mode/URL, etc.) and will read legacy project files. That mismatch is an incoherence that could mislead users about secrets the skill needs.
Instruction Scope
SKILL.md instructs the agent to normalize a payload and run scripts/dispatch_capture.py (or pipe JSON). The runtime will import and execute the local openclaw_capture_workflow code (library mode) or POST to a backend (http mode), call external model APIs, and send requests to Telegram/Feishu webhooks. It may also execute a user-provided local STT CLI command via subprocess. These actions are within the skill's purpose, but they entail reading local project files, creating state/artifact directories, writing notes to an Obsidian vault, and making network calls — all of which the user should expect and review.
Install Mechanism
No install spec; code is bundled with the skill and nothing is downloaded or executed at install. This minimizes supply-chain risk from remote installs.
Credentials
The SKILL.md and code require multiple environment variables that are sensitive (OPENCLAW_CAPTURE_MODEL_API_KEY, OPENCLAW_CAPTURE_TELEGRAM_BOT_TOKEN, OPENCLAW_CAPTURE_FEISHU_WEBHOOK, etc.) and config paths (OPENCLAW_CAPTURE_LEGACY_PROJECT_ROOT). The registry metadata incorrectly lists 'Required env vars: none', which under-represents required secrets and configuration. The number and sensitivity of env vars are proportionate to the stated functionality, but the metadata mismatch and lack of explicit required-secret declaration are a red flag.
Persistence & Privilege
always:false (no forced global inclusion). The skill writes state and artifacts under its state_dir (default: skill_root/.state) and the legacy workflow may write into the user's Obsidian vault or other legacy paths; it also imports and executes code from a local checkout. These are expected for a capture/archiving tool but are persistent filesystem effects and should be considered when granting the skill access.
What to consider before installing
Key points to consider before installing/using this skill:
- Metadata mismatch: The registry lists no required env vars, but SKILL.md and the code require several sensitive environment variables (model API key, Telegram bot token, Feishu webhook) and may read legacy config files. Treat the SKILL.md as authoritative and do not assume the registry metadata is complete.
- Secrets and network calls: The skill will send data to external endpoints (model API base, Telegram API, Feishu webhook). Only provide API keys and tokens you trust the code to use. If you cannot review the receiving endpoints (for example aiHubMix), do not set the keys.
- Local code import and execution: In library mode the skill inserts your legacy project's src onto PYTHONPATH and imports openclaw_capture_workflow — that import executes code from the local repo. Only enable library mode if you trust the local repository contents. Review the local repo before use.
- Subprocess execution: If you set OPENCLAW_CAPTURE_LOCAL_STT_COMMAND, the skill will format and run that command (via shlex.split and subprocess.run). Avoid putting untrusted templated shell constructs in that variable; it can execute arbitrary commands.
- Filesystem writes: The skill creates state and artifact directories and (via the legacy workflow) may write notes into an Obsidian vault or other local paths. Ensure state_dir and vault paths are acceptable and isolated if needed.
- Mitigations: run in an isolated environment (container or dedicated account), review the bundled scripts and any local openclaw_capture_workflow checkout, avoid exposing high-privilege credentials, and prefer HTTP backend mode to isolate execution from importing local code if you cannot audit the local repo.
If you want, I can (1) point out the exact lines that read/write files or make network calls, (2) list all environment variables the code actually reads, or (3) summarize the security implications of running in library vs http backend mode.
Like a lobster shell, security has layers — review code before you run it.
Current version: v0.1.0
SKILL.md
OpenClaw Capture
Use this skill when the user wants to send a link, pasted text, image, or video into the local openclaw_capture_workflow backend without modifying that repo, while choosing STT and notification modules by environment.
Behavior
- Normalize the request into the legacy payload contract:
  - chat_id
  - reply_to_message_id
  - request_id
  - source_kind
  - source_url
  - raw_text
  - image_refs
  - platform_hint
  - requested_output_lang
- Immediately tell the user: 已收到,开始处理。 ("Received, starting processing.")
- Dispatch the payload through the wrapper runtime:
python3 scripts/dispatch_capture.py --payload-file /path/to/payload.json
You may also pipe JSON through stdin:
python3 scripts/dispatch_capture.py <<'JSON'
{"chat_id":"-1001","source_kind":"url","source_url":"https://example.com"}
JSON
Routing Rules
- Keep the payload contract unchanged from the legacy workflow.
- For mixed, preserve URL, pasted text, and images together.
- STT profile resolves as:
  - macOS -> mac_local_first
  - non-macOS with OPENCLAW_CAPTURE_LOCAL_STT_COMMAND -> local_cli_then_remote
  - otherwise -> remote_only
- Output modules resolve from OPENCLAW_CAPTURE_OUTPUTS:
  - telegram
  - feishu
Required Environment
- OPENCLAW_CAPTURE_LEGACY_PROJECT_ROOT should point to the local openclaw_capture_workflow checkout when this skill is not being run from the source repo.
- OPENCLAW_CAPTURE_BACKEND_MODE=library|http
- OPENCLAW_CAPTURE_BACKEND_URL when BACKEND_MODE=http
- OPENCLAW_CAPTURE_STT_PROFILE=mac_local_first|local_cli_then_remote|remote_only to override the default routing
- OPENCLAW_CAPTURE_LOCAL_STT_COMMAND for non-mac local CLI transcription fallback
- OPENCLAW_CAPTURE_MODEL_PROFILE=openai_direct|aihubmix_gateway
- OPENCLAW_CAPTURE_MODEL_API_BASE_URL
- OPENCLAW_CAPTURE_MODEL_API_KEY
- OPENCLAW_CAPTURE_OUTPUTS=telegram,feishu
- OPENCLAW_CAPTURE_TELEGRAM_BOT_TOKEN
- OPENCLAW_CAPTURE_FEISHU_WEBHOOK
References
- Runtime profiles and environment matrix: references/runtime-profiles.md
- Module behavior and output fanout: references/module-matrix.md
- Legacy payload contract and mixed-input rules: references/payload-contract.md
Do not manually summarize after dispatch succeeds unless the user explicitly asks for an inline summary.
