Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

zijiyong

v1.0.1

Use when the user mentions wos, WOS, WoS, or Web of Science and wants topic-based literature search, Shenzhen University library login, paper screening, abst...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan

VirusTotal: Benign

OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The skill is clearly intended to search Web of Science via the Shenzhen University library and write results into Feishu Base using a local lark-cli; that purpose is coherent with the description. However, the runtime instructions depend on local tooling (lark-cli, optionally playwright-cli or the playwright-cli skill) and on access to the user's SZU login, yet the skill metadata declares no required binaries or credentials. The absence of declared required binaries (lark-cli, browser automation) is an incoherence that could surprise users or lead the agent to attempt commands that will fail or prompt for credentials unexpectedly. SKILL.md also contains a hardcoded default SZU username (2410032057), which appears tailored to a specific user's workflow and is unexpected in a generically published skill.
Instruction Scope
SKILL.md and the playbook tightly specify asking preflight questions, building WoS queries, pausing for second-factor verification, and performing local lark-cli commands to create/update Feishu Base records. These instructions stay within the advertised purpose (WoS -> Feishu), but they intentionally require accessing the user's local CLI, local file paths, and the user's Shenzhen University credentials (runtime-only). That behavior is reasonable for the task, but because the skill will direct the agent to run local commands and potentially ask for credentials, the user should be aware and confirm those steps. The hardcoded SZU username is an unexpected detail and could be a privacy/leak concern.
Install Mechanism
This is an instruction-only skill with no install spec, so nothing will be written to disk by the skill package itself (low install risk). However, the runtime steps assume the presence and correct configuration of external CLI tools (lark-cli and possibly playwright-cli). Because these binaries are not declared in the skill metadata, the agent may fail or prompt the user to install them. No external download URLs or install scripts are present in the repo.
Credentials
The skill declares no required environment variables or credentials, and it does not request unrelated service keys. It does instruct the agent to ask the user for SZU login credentials at runtime (and to treat them as transient), which is proportionate to the stated purpose. Still, the presence of a specific default username (2410032057) is unusual and should be confirmed with the skill author or removed. There is no evidence the skill would exfiltrate other environment variables, but the agent will interact with local CLIs that hold the user's Feishu authorization state, so the user should confirm the local CLIs are trusted.
Persistence & Privilege
The skill does not request permanent presence (always: false) and does not declare modifications to other skills or global agent settings. It explicitly instructs not to persist passwords or verification codes and to treat credentials as runtime-only. Autonomous invocation is allowed by default (disable-model-invocation: false), which is normal; this is not combined with other high-risk flags.
What to consider before installing
This skill appears to do what it says (search WoS via the Shenzhen University route and write to Feishu via local lark-cli), but there are a few things to check before installing/using it:

- Confirm you trust the skill's source: there is no homepage or repository link and the owner is unknown. Prefer skills with clear provenance.
- The runtime needs local tools (lark-cli and possibly a playwright-cli). The skill metadata lists no required binaries: verify those CLIs are installed and configured locally before use. The skill will run lark-cli commands that can read or modify your Feishu Base via your local CLI session.
- The skill asks for Shenzhen University (SZU) login credentials and will pause for 2FA; do not share persistent passwords. The SKILL includes a hardcoded default SZU username (2410032057): ask the author why that value is present and remove it if it is unrelated to you.
- Because the skill runs local commands and interacts with third-party sites (SZU auth, WoS, Feishu via lark-cli), only proceed if you are comfortable providing the necessary runtime credentials and have verified the local tooling is trustworthy and properly scoped.

If you want to proceed, ask the skill author to (1) declare required binaries (lark-cli, playwright-cli if used), (2) remove or explain any hardcoded personal identifiers, and (3) provide a source or homepage so you can verify provenance. If these are not available, treat the skill as higher-risk and prefer manual execution of the described workflow instead.

