ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Wechat Search

v1.0.3

Search WeChat Official Account articles using OpenClaw's web search, Tavily API, and web fetch capabilities with compliance-focused design.

8· 2.8k·21 current·24 all-time
byJixson@jixsonwang
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
high confidence
!
Purpose & Capability
The description and SKILL.md claim use of OpenClaw web tools and Tavily as optional, but the packaged Python code actually requires a TAVILY_API_KEY, invokes Node.js scripts, and calls the 'openclaw' CLI. The registry metadata lists no required env vars or binaries, so the actual capabilities (need for Node and OpenClaw CLI, and access to Tavily) are not reflected in the declared requirements. The code also hardcodes absolute paths (/root/.openclaw/workspace/skills/...), which implies cross-skill or privileged assumptions that don't match the stated purpose.
!
Instruction Scope
SKILL.md describes a three-layer strategy and mentions web_search/web_fetch tools and optional API keys, but the code performs additional actions not clearly documented: it reads ~/.openclaw/tavily-config.json as a fallback, and directly executes a Node.js script at an absolute workspace path. The instructions do not document executing other skills' scripts or requiring Node/OpenClaw binaries, giving the agent broader runtime actions than advertised.
Install Mechanism
There is no install spec (instruction-only), so nothing is automatically downloaded or installed by the skill bundle itself. That lowers disk-write risk. However, the runtime relies on external binaries (node, openclaw) being present; those are not installed by the skill.
!
Credentials
The package metadata declares no required environment variables, yet multiple code paths demand TAVILY_API_KEY (and attempt to load it from ~/.openclaw/tavily-config.json). This is a mismatch: a credential is effectively required but not declared. The skill also inherits the process environment when invoking subprocesses, so it could leak additional env vars to child processes if present.
!
Persistence & Privilege
The skill is not marked always:true and does not persistently modify system config, which is good. However it executes other-skill code by invoking a hardcoded Node script in /root/.openclaw/workspace/skills/tavily-search/scripts/search.mjs and calls the OpenClaw CLI; this means it assumes and acts on workspace files belonging to other skills/runtime and can execute arbitrary code there. Accessing/executing other skills' files is a cross-skill privilege that the SKILL.md and metadata do not disclose.
What to consider before installing
This skill contains mismatches and runtime assumptions you should verify before installing. Specific concerns: - The code expects a TAVILY_API_KEY (and falls back to ~/.openclaw/tavily-config.json) but the skill metadata does not declare this required credential — if you enable the skill and set that env var it will be used by subprocesses. Only provide secrets you trust the skill to use and declare. - The Python code invokes external binaries (node and the OpenClaw CLI) via subprocess; ensure those binaries exist and are the versions you expect. If you don't run node or OpenClaw in the environment, the skill may fail or behave unexpectedly. - The code executes a Node.js script via an absolute path in /root/.openclaw/workspace/skills/... — that means the skill will run code from other skill workspaces. Before enabling, inspect the referenced script (search.mjs) and any other code under that path to ensure it is safe and hasn't been tampered with. - Because the skill spawns subprocesses, it can pass environment variables to child processes. Avoid installing it in environments containing sensitive credentials unless you audited the invoked scripts. Recommended actions: - Ask the publisher to update the registry metadata and SKILL.md to explicitly declare required env vars (TAVILY_API_KEY), required binaries (node, openclaw), and any expected config file paths. - Inspect the referenced Node script (/root/.openclaw/workspace/skills/tavily-search/scripts/search.mjs) and confirm its provenance before allowing the skill to run it. - If possible, run the skill in a sandboxed environment (container) without access to sensitive environment variables or host files until you are comfortable. - If you cannot inspect or sandbox the invoked Node script and you need to keep your environment sealed, do not install or enable this skill. Confidence: high — the mismatch between declared metadata/instructions and the actual code paths (undisclosed env var use, subprocess execution of other-skill scripts, absolute paths) is clear and material.

Like a lobster shell, security has layers — review code before you run it.

latestvk97brndpx6ctnc7agypkknjc4d80v16q

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments