Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Project Workflow Manager (项目流程管理器)

v1.0.0

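An end-to-end project management tool for mapping out key project milestones, managing participating departments and task schedules, tracking KPI completion, generating periodic reports, sending progress reminder emails, and creating visual boards. It suits scenarios that need structured project management, including project kickoff, milestone tracking, cross-department collaboration, progress reporting, and risk alerts.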

by Jiaming Wang (@jimmywangjimmy)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Name/description (project management) matches the included Python scripts which read/write JSON under projects/, generate boards/reports, and create email drafts. However, the SKILL.md references additional helper scripts and reference docs (import_tasks.py, schedule_reminders.py, export_project.py, references/email-config.md, references/project-templates.md) that are not present in the file manifest — indicating incomplete packaging or stale documentation.
Instruction Scope
Runtime instructions direct the agent/user to run the provided scripts which operate on local files (projects/, reports/, boards/, emails/). The scripts do not access network endpoints or environment variables. They do write files to the working directory. The instructions mention configuring SMTP for automatic sending, but no SMTP-configuring script or email-config reference is included; send_reminder.py only writes an email draft to disk and does not send messages.
Install Mechanism
There is no install spec (instruction-only at registry level) and no external downloads. All functionality is provided by included Python scripts. No installers or remote artifacts are fetched.
Credentials
The skill declares no required environment variables or credentials (none in requires.env). SKILL.md mentions SMTP configuration for sending emails, but no env vars or config files are declared or included for SMTP — if you enable SMTP later you will need to provide credentials (not requested by the skill upfront).
Persistence & Privilege
always is false and the skill does not request persistent platform privileges. It only reads/writes files under local directories it creates (projects/, reports/, boards/, emails/). It does not modify other skills or system-wide configuration.
What to consider before installing
This package appears to be a local, file-based project manager and the included scripts are readable Python that create/modify files in projects/, reports/, boards/, and emails/. Before installing or running:
- Note missing items: the SKILL.md mentions helper scripts (import_tasks.py, schedule_reminders.py, export_project.py) and docs (references/email-config.md, references/project-templates.md) that are not included, so expect incomplete functionality or stale docs.
- The send_reminder script only writes an email draft to disk; automatic SMTP sending is not implemented here. If you later add SMTP sending, you will need to supply credentials. Store them securely and verify what code uses them.
- All scripts operate locally and do not perform network I/O in the included code, so direct remote exfiltration isn't present in these files. Still, review any future modifications or added scripts for SMTP/network use before running.
- Because this is instruction/code from an unknown source, consider inspecting the code locally and running it in a restricted environment (container or VM) if you plan to run it against real project data.

If you need the missing scripts/features, ask the author or vendor for a complete package and for instructions on secure SMTP configuration.

Like a lobster shell, security has layers — review code before you run it.
