Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

overseas-business-trip-suite

v1.0.0

Automatically searches overseas direct flights, checks travel policy, completes flight and hotel booking and payment, and automatically generates and submits the expense report: the whole process is automated.

by fenbeitong-trip@gaogao605
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
Crypto: Can make purchases
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
[!] Purpose & Capability
The skill's description promises flight/hotel booking, corporate payment and automatic expense submission — actions that normally require API keys, payment credentials, and service endpoints. However the skill declares no required environment variables, no config paths, and no external integration details. That mismatch (high-privilege operations with zero declared credentials) is incoherent.
[!] Instruction Scope
SKILL.md gives a high-level, end-to-end workflow and states that the Agent will perform everything automatically, but provides no specific commands, endpoints, or safeguards. The instructions are vague and grant broad discretion to the agent ('the entire process is executed automatically by the Agent, with no human intervention needed'), which could lead the agent to use any available connectors or credentials unless it is constrained.
Install Mechanism
There is no install spec (instruction-only style) and the included script is a small local stub that logs and returns simulated IDs. No downloads or external installers are present, which is the lowest-risk install mechanism.
[!] Credentials
Given the claimed capability (booking + corporate payment + expense submission), one would expect required env vars or credential configuration (e.g., travel API keys, corporate payment account, expense system token). The skill requests none, which is disproportionate and inconsistent with its stated purpose.
Persistence & Privilege
The skill is not forced-always and allows normal autonomous invocation. Autonomous invocation plus the skill's claim to perform payments could be risky if the agent has access to corporate payment tokens or external connectors — but the skill itself does not request persistent privileges or modify system configs.
What to consider before installing
This skill's claims (auto-search, corporate payment, auto-submit expense) require access to payment and booking APIs, but the package declares no credentials or endpoints and its code is only a local stub. Before installing or enabling it:
1) Ask the author for exact integration details (which APIs, endpoints, and what credentials are required).
2) Require explicit env vars or config for each external service and ensure they follow least privilege.
3) Verify where payments would be charged and who can approve them; do not grant access to corporate payment tokens until audited.
4) Run the skill in a sandbox with no access to sensitive connectors and review network logs to confirm it only calls approved endpoints.
5) If you cannot obtain clear integration and credential handling details, treat the skill as untrusted and do not enable autonomous execution.
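The two checks that drive the verdict above (steps 2 and 4: declared credentials must match claimed capabilities, and a sandboxed run must only reach approved hosts) can be scripted. The block below is an added example written for this page; it is neither ClawHub's scanner nor any code shipped with the skill. Everything it assumes is an assumption, not something the page states: that the manifest is a SKILL.md with `---`-delimited frontmatter carrying a `description` and an optional `env` list of required variables, the keyword lists used to spot privileged claims, and the `<timestamp> <METHOD> <url>` shape of the sandbox network log. Both manifests and the log lines are constructed; the first manifest reproduces the situation the scan describes (privileged claims, no credentials), the second shows what a coherent declaration would look like.

```python
"""Two pre-install checks mirroring the scan's reasoning above.

Added example for this page; not ClawHub's scanner and not the skill's own code.
Assumptions (none come from the page): the manifest is parsed from a SKILL.md
with '---'-delimited frontmatter carrying `description` and an optional `env`
list of required variables; sandbox network logs are constructed lines of the
form "<timestamp> <METHOD> <url>".
"""
import re

# Terms that imply money movement or privileged external actions, mapped to the
# kind of credential they normally need. Heuristic substrings (assumed list);
# extend for your environment.
HIGH_PRIVILEGE_TERMS = {
    "pay": "corporate payment", "purchase": "corporate payment", "支付": "corporate payment",
    "book": "booking API", "预订": "booking API",
    "expense": "expense system", "reimburs": "expense system", "报销": "expense system",
}
# Substrings an env var name should contain to count as backing each capability.
CREDENTIAL_HINTS = {
    "corporate payment": ("pay",),
    "booking API": ("book", "travel", "flight", "hotel"),
    "expense system": ("expense", "reimburs"),
}


def parse_frontmatter(skill_md: str) -> dict:
    """Minimal parser for `key: value` scalars and `- item` lists between the
    leading '---' fences. Not the registry's parser; enough for the check."""
    meta: dict = {}
    m = re.match(r"^---\n(.*?)\n---", skill_md, re.S)
    if not m:
        return meta
    key = None
    for raw in m.group(1).splitlines():
        line = raw.strip()
        if line.startswith("- ") and key is not None and isinstance(meta.get(key), list):
            meta[key].append(line[2:].strip())
        elif ":" in line:
            key, _, value = line.partition(":")
            key, value = key.strip(), value.strip()
            meta[key] = value if value else []  # a bare `key:` opens a list
    return meta


def capability_credential_gaps(meta: dict) -> list:
    """Privileged capabilities the description claims that no declared env var
    plausibly backs. An empty list means claims and credentials are coherent."""
    text = meta.get("description", "").lower()
    claimed = {label for term, label in HIGH_PRIVILEGE_TERMS.items() if term in text}
    env = [name.lower() for name in meta.get("env", [])]

    def covered(label: str) -> bool:
        return any(hint in name for name in env for hint in CREDENTIAL_HINTS[label])

    return sorted(label for label in claimed if not covered(label))


LOG_LINE = re.compile(r"^(?P<ts>\S+) (?P<method>[A-Z]+) https?://(?P<host>[^/\s]+)")


def unapproved_hosts(log_lines, allowlist) -> dict:
    """Hosts contacted during a sandbox run that are not on the approved list,
    with hit counts. Anything here is a reason not to enable autonomy."""
    allowed = {h.lower() for h in allowlist}
    hits: dict = {}
    for line in log_lines:
        m = LOG_LINE.match(line)
        if m and m.group("host").lower() not in allowed:
            host = m.group("host").lower()
            hits[host] = hits.get(host, 0) + 1
    return hits


# Constructed manifests: the first mirrors the page's description with no
# credentials declared; the second declares one variable per external service.
DESCRIPTION = ("Search overseas direct flights, check travel policy, book and pay "
               "for flights and hotels, and auto-submit the expense report.")
SKILL_MD_AS_PUBLISHED = (
    f"---\nname: overseas-business-trip-suite\ndescription: {DESCRIPTION}\n---\n# Workflow\n"
)
SKILL_MD_WITH_ENV = (
    "---\nname: overseas-business-trip-suite\n"
    f"description: {DESCRIPTION}\n"
    "env:\n  - TRAVEL_BOOKING_API_KEY\n  - CORP_PAYMENT_TOKEN\n  - EXPENSE_SYSTEM_TOKEN\n---\n"
)
# Constructed sandbox log; the hosts are placeholders, not real endpoints.
SANDBOX_LOG = [
    "2024-01-01T00:00:00Z GET https://api.example-travel.test/flights?from=PVG",
    "2024-01-01T00:00:01Z POST https://pay.example-corp.test/charge",
    "2024-01-01T00:00:02Z POST https://telemetry.unknown.test/collect",
]
APPROVED = {"api.example-travel.test", "pay.example-corp.test"}

if __name__ == "__main__":
    print("gaps, as published:", capability_credential_gaps(parse_frontmatter(SKILL_MD_AS_PUBLISHED)))
    print("gaps, with env:    ", capability_credential_gaps(parse_frontmatter(SKILL_MD_WITH_ENV)))
    print("unapproved hosts:  ", unapproved_hosts(SANDBOX_LOG, APPROVED))
```

Run against the first manifest the gap list names all three privileged capabilities, which is exactly the "high-privilege operations with zero declared credentials" finding; against the second it is empty. The log check reports the one host outside the allowlist. Both are substring heuristics meant to surface questions for the author, not to prove a skill safe: a skill that declares the right variables can still misuse them, which is why the sandbox run and the approval review in step 3 are not optional.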

Like a lobster shell, security has layers — review code before you run it.

latest: vk973vty26tpryr6c9y3jtxpw4d84s138

