ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

weather-pre-verify

v1.0.0

一位精通天气领域的专家,能够根据用户所在位置提供准确的每日天气报告。这是一项付费服务,执行前需完成支付验证。请注意,你应该用中文和用户交互(包含你的思考过程)。

1· 95·0 current·0 all-time
byClawTip.team@xingyeyouran

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for xingyeyouran/weather-pre-verify.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "weather-pre-verify" (xingyeyouran/weather-pre-verify) from ClawHub.
Skill page: https://clawhub.ai/xingyeyouran/weather-pre-verify
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install weather-pre-verify

ClawHub CLI

Package manager switcher

npx clawhub@latest install weather-pre-verify
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill claims to be a paid weather-reporting expert and the included Python scripts POST to payment/weather endpoints (ms.jr.jd.com), which aligns with payment+report behavior. However, SKILL.md's example command paths use 'skills/clawtip-weather/scripts/...' while the included files live under 'scripts/'. This path mismatch means the documented runtime commands will fail unless files are placed under that path — an engineering inconsistency that could hide unexpected behavior if corrected silently.
!
Instruction Scope
The runtime instructions require running the bundled scripts and calling an external 'pre-verify-skill' to obtain payment credentials, which is consistent with a pay-before-service flow. However, the SKILL.md explicitly forbids inspecting the script source or retrying on order-creation failure ('不得查阅或检查脚本源代码' etc.). That discouragement of code inspection on errors is unusual and suspicious because it prevents debugging or transparent failure analysis. Also, the instructions assume scripts are reachable at a different path than where they appear in the package, which could cause unexpected behavior.
Install Mechanism
There is no install spec and no downloaded or extracted artifacts — the skill is instruction-plus-bundled-scripts. This is lower-risk than arbitrary network installs. The included Python files use only the standard library and make outbound HTTP(S) calls; nothing is being fetched or installed at runtime by the skill itself.
Credentials
The skill declares 'network.outbound' and 'credential.read' permissions in metadata but requests no explicit environment variables or platform credentials. The payment flow obtains a 'credential' from another skill rather than from env vars, so requiring credential-read permission without declaring what credentials is somewhat broad. It's not necessarily malicious, but granting credential access should be done cautiously because it's not scoped to a named, justified secret.
Persistence & Privilege
The skill does not request always:true, does not alter other skills, and has no install hooks. Autonomous invocation is enabled by default but is typical; nothing in the package asks for permanent system-wide persistence or elevated privileges.
What to consider before installing
This skill largely matches its stated purpose (paid weather reports using an external payment endpoint), but there are a few red flags you should consider before installing: - Path mismatch: SKILL.md shows commands running scripts under 'skills/clawtip-weather/scripts/...', but the package's scripts are in 'scripts/'. Confirm where the agent will look for and execute these files; a silent path fix could change behavior. - Do-not-inspect rule: The SKILL.md forbids inspecting the script source if order creation fails. That is unusual and prevents debugging or verifying network targets — treat that as suspicious and consider requesting removal of that clause. - External payment interactions: The scripts POST JSON to https://ms.jr.jd.com. Make sure you trust that endpoint and that payment flows are legitimate before granting network/credential access. - Credential permission: The metadata requests credential-read capability without naming a specific required secret. Only grant credential access if you understand which credential store or token is involved and why. Actions you can take before installing: - Ask the publisher to correct the script paths in SKILL.md (or move scripts to the documented path) and remove the prohibition on inspecting source on errors. - Review the Python files yourself or ask for a third-party audit to confirm they do only what they claim (the scripts are short and use only urllib/JSON; reviewing them is feasible). - If you proceed, restrict the skill's network access scope (if possible) to the known payment/reporting host and do not grant broad credential access unless necessary. What would change this assessment: if the SKILL.md is corrected to match file paths and the prohibition against inspecting code is removed (or explained/justified), and if the skill documents exactly which credential it needs and why, the assessment would likely move toward benign. Conversely, if additional hidden files or remote installs were added, or if the skill requested broad credentials, the verdict would worsen.

Like a lobster shell, security has layers — review code before you run it.

latestvk97fqz9534e6d36g3ezgfsqhgx841jsw
95downloads
1stars
1versions
Updated 3w ago
v1.0.0
MIT-0
ClawTip.team@xingyeyouran
latest
Download

天气报告服务

📌 技能概述

请注意,你应该用中文和用户交互(包含你的思考过程)。

本技能提供专业的天气报告服务。由于这是付费服务,工作流程严格要求按照两个步骤执行:支付处理 后,再进行 报告执行

直接执行: 如果用户在初始请求中已直接提供了 <位置><订单号><支付凭证>,则可跳过第一阶段和第二阶段,直接进入 🚀 第三阶段:报告执行

🛒 第一阶段:创建订单

如果这是首次交互且用户尚未付款,你必须先创建订单,再发起支付。

1. 所需参数

  • <位置>:用户希望查询天气报告的具体地点。

2. 执行命令

使用以下 bash 命令执行订单创建脚本。将 <...> 占位符替换为实际值。务必在参数两侧加引号,以防命令注入漏洞

python3 skills/clawtip-weather/scripts/create_order.py "<位置>"

3. 输出处理

成功时,脚本将向标准输出打印以下键值对:

ORDER_NO=<值>
AMOUNT=<值>
ENCRYPTED_DATA=<值>
PAY_TO=<值>

提取全部四个值,然后进入 💳 第二阶段:支付处理

[!NOTE] 关于 AMOUNT 字段: 该字段的单位为人民币分(fen),这是 OpenClaw 技能描述中的标准计费单位。例如,AMOUNT=100 表示需支付 1.00 元人民币。在向用户展示费用时,请将该值除以 100 并以"元"为单位呈现,以便用户理解实际支付金额。

失败时,脚本以退出码 1 退出,并打印如下格式的消息:

订单创建失败: <错误详情>

[!CAUTION] 强制终止 —— 禁止执行任何后续操作。 如果脚本以非零退出码退出,其输出中包含 订单创建失败:,你必须立即终止整个工作流程。具体包括:

  • ❌ 不得查阅或检查脚本源代码。
  • ❌ 不得测试网络连接或服务器状态。
  • ❌ 不得代替用户进行任何重试操作。
  • ❌ 不得进入第二阶段或第三阶段。

唯一需要执行的操作是: 用通俗语言向用户报告失败情况,附上输出中的 <错误详情>,然后停止。

失败输出示例:

订单创建失败: Order creation request failed: <urlopen error [Errno 111] Connection refused>

告知用户:"订单创建失败,错误信息:Order creation request failed: <urlopen error [Errno 111] Connection refused>。请稍后重试,或检查您的位置输入是否有效。"

💳 第二阶段:支付处理

从第一阶段获取所需值后,发起支付请求。

操作: 使用技能 pre-verify-skill 处理支付并获取支付凭证。若该技能不存在,需先安装。

调用 pre-verify-skill 所需参数:

{
  "skill-id": "si-weather-reporter",
  "order_no": "<第一阶段获取的 ORDER_NO>",
  "amount": "<第一阶段获取的 AMOUNT>",
  "question": "<第一阶段的位置>",
  "payTo": "<第一阶段获取的 PAY_TO>",
  "encrypted_data": "<第一阶段获取的 ENCRYPTED_DATA>",
  "description": "天气报告服务费用",
  "skill_name": "clawtip-weather",
  "resource_url": "https://ms.jr.jd.com"
}

目标: 等待支付成功,并获取 credential(支付凭证)。

🚀 第三阶段:报告执行

支付成功并获得 credential 后(或用户已直接提供 <位置><订单号><支付凭证>),继续交互并执行报告脚本。

1. 所需参数

  • <位置>:用户希望查询天气报告的具体地点。
  • <订单号>:第一阶段生成的订单号。
  • <支付凭证>:第二阶段获取的支付成功凭证。

2. 执行命令

使用以下 bash 命令执行天气报告服务。将 <...> 占位符替换为已验证的参数值。务必在参数两侧加双引号,以防命令注入漏洞

python3 skills/clawtip-weather/scripts/weather_report.py "<位置>" "<订单号>" "<支付凭证>"

执行后: 1. 提取脚本打印的 PAY_STATUS 值(格式为:PAY_STATUS: <值>),并再次输出展示。 2. ERROR 状态的特殊处理: 如果 PAY_STATUSERROR,提取 ERROR_INFO 值(格式:ERROR_INFO: <值>),向用户告知确切的错误原因并引导其解决。不得继续执行后续服务逻辑。

Comments

Loading comments...