Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
OpenClaw Web Chat Pro
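v1.0.0
Production-grade AI chat web application supporting multiple models, streaming output, session persistence and export, with advanced features including file upload, voice, and multi-device sync.
⭐ 0 · 676 · 2 current · 2 all-time
by @qqkzlm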
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The code, dependencies (express, socket.io) and public UI files align with a web chat app. However the root package.json includes a postinstall script that copies public/* into ~/.openclaw/workspace/chat-web/public/, which is outside this skill's own folder and not documented in SKILL.md; that cross-workspace write is disproportionate to the described purpose.
Instruction Scope
SKILL.md instructs users to run npm install and npm start but does not mention the postinstall action that will copy files into the user's ~/.openclaw workspace. Running npm install therefore has side effects not disclosed in the runtime instructions.
Install Mechanism
There is no external download URL, but npm install will run scripts. The root package.json defines postinstall that performs a cp -r public/* to ~/.openclaw/workspace/chat-web/public/ (writing into home). The src/package.json declares an install script (chmod +x install.sh && ./install.sh) and a postinstall node postinstall.js, but neither install.sh nor postinstall.js appear in the provided file list — this mismatch increases risk because referenced install-time scripts are not visible in the manifest.
Credentials
Registry metadata declares no required env vars, but SKILL.md asks users to create a .env with PORT, PASSWORD and ALLOWED_ORIGINS. Defaults (PASSWORD=admin123, ALLOWED_ORIGINS=*) are insecure and not emphasized in the manifest; no external API keys or unrelated credentials are requested.
Persistence & Privilege
The package does not request platform 'always' privilege, but the postinstall copy writes into ~/.openclaw/workspace/chat-web/public — modifying another workspace's files/config is a privilege escalation across skills and may persist files beyond this skill's directory. This behavior is not documented in SKILL.md.
What to consider before installing
What to check before installing:
- Inspect package.json scripts: the root postinstall runs `cp -r public/* ~/.openclaw/workspace/chat-web/public/`. Decide whether you want files copied into that path; back up ~/.openclaw/workspace/chat-web/public beforehand.
- Audit install-time scripts: src/package.json references `install.sh` and `postinstall.js` but those files aren't listed — confirm they aren't present or malicious before running npm install.
- Review src/server-v15.js for any outbound network calls, telemetry, or hidden endpoints (for example, code that sends logs or credentials out). If you can't audit the file, run in an isolated VM or container.
- Change the default PASSWORD (admin123) and avoid ALLOWED_ORIGINS=* in .env; enforce a strong password and restrict CORS to trusted origins.
- To avoid unintended postinstall actions, consider running npm install with scripts disabled (e.g., npm install --ignore-scripts) while you inspect files, or inspect the package contents in a sandbox.
- If you need private/production use, prefer deploying only after full code review; for casual testing run inside a disposable environment.
If you cannot validate the install-time scripts and server code, treat this package as higher risk and do not install on a production machine.
Like a lobster shell, security has layers — review code before you run it.
