ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

User Provision

v0.5.0

在 Office 365(世纪互联)与 Adobe Creative Cloud 批量或单人开户——自动授权、重置密码、发通知邮件。两侧相互独立,用户可选一个或两个。USE WHEN 新增用户, 开户, 新员工开账号, 建账号, 批量开户, provision user, 加 office, 加 adobe, 给...

0· 41·0 current·0 all-time
by@eggyrooch-blip
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
Requires OAuth tokenRequires sensitive credentials
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
high confidence
!
Purpose & Capability
The described purpose (provisioning O365 世纪互联 and Adobe UMAPI users) matches the actions in SKILL.md (creating accounts, assigning licenses, sending notification email). However the registry metadata declared no required env vars or credentials while the SKILL.md explicitly requires many sensitive environment variables (Entra CLIENT_ID/CLIENT_SECRET, ADOBE_CLIENT_SECRET, SMTP_PASSWORD, etc.). That metadata/instruction mismatch is a significant incoherence.
!
Instruction Scope
SKILL.md instructs the agent to git clone a third‑party repo, create a .env with secrets, pip install requirements, and run python CLI commands that will call Microsoft/Adobe APIs and send SMTP emails. Those runtime steps are within the stated provisioning purpose, but they require executing external code and accessing many secrets and local paths (repo state files, working dir). The instructions also grant broad discretion to 'check the repo' for implementation details, which increases the agent's freedom to read/execute repository contents.
!
Install Mechanism
There is no formal install spec, but SKILL.md requires cloning and running a GitHub repository (https://github.com/eggyrooch-blip/office365-tools) and pip installing its requirements. Pulling and executing unreviewed code from a third‑party GitHub repo is higher risk than instruction-only behavior; while GitHub is a normal host, the repo is not a recognized official vendor and will write files to disk and install Python packages.
!
Credentials
The environment variables and secrets requested in SKILL.md are proportional to the task (service principals for Entra, Adobe credentials, SMTP creds). However the registry metadata claimed no required env/primary credential—this omission is inconsistent and reduces transparency. Requiring high‑privilege Graph API permissions (User.ReadWrite.All, LicenseAssignment.ReadWrite.All) is expected for provisioning but requires careful least‑privilege configuration and audit.
Persistence & Privilege
always:false and normal autonomous invocation settings are used (no forced always-on). The skill expects to clone a repo and create local state (.env, state/adobe_state.json), which is typical for a CLI-based workflow but means the agent will write persistent files. This is acceptable for the stated task but increases the surface if combined with the other concerns above.
What to consider before installing
This skill will run a third‑party Python CLI (cloning https://github.com/eggyrooch-blip/office365-tools), install packages, and requires many sensitive secrets (Entra/Adobe service creds and SMTP passwords). Before installing: 1) Confirm the registry metadata be updated to list the required env vars and permissions; the current omission is a red flag. 2) Review the GitHub repo source yourself (or have security review it) to ensure no unexpected behavior, hardcoded exfil endpoints, or privilege escalation. 3) Use least‑privilege credentials (service principals scoped only to needed Graph API scopes) and consider short‑lived or scoped secrets; do not reuse high‑privilege admin secrets. 4) Run first in an isolated/test tenant or sandbox. 5) Prefer storing SMTP/secret values in a secrets manager rather than plaintext .env if possible. If you cannot review the repo or obtain corrected metadata, treat this skill as risky and avoid giving it production credentials or enabling unattended/autonomous invocation.

Like a lobster shell, security has layers — review code before you run it.

adobevk97bvd6aaycwwazftpjqkpjckn84wks8creative-cloudvk97bvd6aaycwwazftpjqkpjckn84wks8latestvk97bvd6aaycwwazftpjqkpjckn84wks8office365vk97bvd6aaycwwazftpjqkpjckn84wks8onboardingvk97bvd6aaycwwazftpjqkpjckn84wks8provisionvk97bvd6aaycwwazftpjqkpjckn84wks8

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments