Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

返利宝

v1.0.2

返利宝 unified skill. It works only according to 3 user scenarios: S01 authorization and tutorial, S02 link rebate, S03 product search. Messages such as "返利" (rebate), "教程" (tutorial), "详细教程" (detailed tutorial), "提现教程" (withdrawal tutorial), "提现10元" (withdraw 10 yuan), "确认提现" (confirm withdrawal), "我已授权" (I have authorized), or "账户余额" (account balance) go to S01; sending a Taobao, JD.com, or Pinduoduo product link goes to S02; expressing what product the user wants to buy goes to S03. S03 is responsible for extracting the product search information, ...

by wuweizhen@skyfile
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The skill's name/description (rebate/link search + product search) aligns with the included scripts: link recognition, product intent extraction, search, adzone lease, rebate link creation and withdraw flows. However the skill includes hardcoded-looking external URLs (xiaomaxiangshenghuo.io.mlj130.com) used for authorization/follow pages and likely a backend API; there is no public homepage or documentation and the registry owner is not recognizable. That lack of transparency about the backend is a notable omission but functionally consistent with the described purpose.
Instruction Scope
SKILL.md requires the agent to call local CLI JS scripts and return the script stdout verbatim (no editing, no summarization). The scripts perform network calls (search, create rebate link, apply withdraw, resolve short links) and may include user-supplied raw messages and links in requests. Because outputs are returned unmodified, any sensitive tokens/URLs produced by those remote APIs would be shown directly to users. The runtime instructions also save pending auth requests and direct users to external auth pages. The scripts do not appear to read unrelated system files or environment variables, but the enforced verbatim relay of script output increases the risk of unintended disclosure.
Install Mechanism
In terms of the registry install spec, this skill is instruction-only (no declared install step). The package includes many JS files intended to run under node, and the SKILL.md documents an npm build step (npm install; npm run build). That build step would pull dependencies at install time if followed. No external binary downloads are specified in the skill metadata, but executing the scripts will cause outbound network requests at runtime. The lack of an explicit, audited install source (and no homepage) reduces transparency.
Credentials
The skill declares no required environment variables or credentials. Internally it manages a local machine code and local openid binding and enforces user-driven OAuth-like flow via external URLs. It does not request unrelated cloud credentials or secret env vars in the manifest. Still, the runtime will transmit user messages (links, queries) to a remote API/backend, which is proportionate for a rebate/link-generation service but should be disclosed to users.
Persistence & Privilege
The skill is not always-enabled and does not request elevated platform privileges. It persists local bindings (machine code and openid) and writes pending auth requests (best-effort) — behavior consistent with an auth flow. There is no evidence it modifies other skills or system-wide configs.
What to consider before installing
This skill appears to implement a rebate/link-generation product and will: 1) call included node scripts, 2) send user-provided messages and product links to a backend service, and 3) instruct users to visit external auth/follow pages (xiaomaxiangshenghuo.io.mlj130.com). Before installing, verify: (a) who operates the backend (there's no homepage or clear owner info in the registry), (b) the exact API endpoints used (check scripts/common.js to find base URLs), and (c) privacy implications—your raw messages, product links, and any tokens returned by the backend may be transmitted or displayed verbatim. If you don't trust the backend domain or operator, do not install. If you proceed, consider running the skill in a controlled environment, inspect network traffic during authorization, and avoid sending any PII you don't want shared with the remote service.


latest: vk978b39dapxtwmwhaz0vsenrps84mqz6
