Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
咸鱼自动发货
v0.0.1闲鱼自动发货监控。使用 agent-browser 自动检查闲鱼新消息,检测付款订单并自动发货。触发词:闲鱼发货、闲鱼监控、闲鱼自动化、xianyu、自动发货。
⭐ 3· 433·0 current·0 all-time
byBijin@sliverp
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
Name/description match the instructions: monitoring chat, detecting paid orders and sending fulfillment messages. The capabilities requested in SKILL.md (browser automation, reading local files, calling APIs) are plausible for this purpose, but the skill metadata declares no required env/config while the instructions explicitly rely on local Chrome profiles and local secret pools — an omission worth noting.
Instruction Scope
The instructions tell the agent to reuse the main Chrome profile, read local txt key pools (delete lines after use), and call user-provided APIs (curl). Those actions allow access to browser cookies, session tokens, filesystem secrets, and arbitrary network endpoints. There are no safeguards in the prose to prevent accidental exfiltration (e.g., validating destinations or sanitizing output) and little guidance to prevent sending incorrect/secret content to buyers.
Install Mechanism
This is instruction-only (no install spec, no code files). That minimizes supply-chain risk because nothing is downloaded or written by an installer step.
Credentials
The skill declares no required env vars or credentials, yet instructs use of a main Chrome profile path and local secret files and external API calls. Those are effectively requests for high-value local secrets and session data but are not represented in the metadata, creating a transparency gap.
Persistence & Privilege
always is false (normal). The skill recommends scheduling a recurring cron job that must run in the 'main' session to reuse the browser profile — this increases runtime access to persistent browser credentials. Autonomous invocation is permitted (default), which expands blast radius if misconfigured, but autonomous invocation alone is expected for skills.
Scan Findings in Context
[none] unexpected: The static scanner found no code to analyze (instruction-only skill). Absence of findings is not evidence of safety; the SKILL.md itself contains the runtime actions that determine the security surface.
What to consider before installing
Before installing or enabling this skill, consider the following: (1) It will ask to reuse your main Chrome profile and may read local files (secret pools) or invoke user-specified APIs — only allow this if you trust the exact configuration and understand the data flows. (2) Prefer not to point it at your full Chrome profile; use a dedicated profile with only the necessary Xianyu session if possible. (3) Avoid storing production keys as plaintext files; use a secure credential store or environment variables and document them in the skill metadata. (4) Test in a safe environment with dummy keys and dummy buyer accounts to confirm it sends only intended text. (5) Require explicit confirmation steps or content review before sending secrets to buyers. (6) If you cannot review/run the automation yourself safely, treat this skill as high risk and do not enable scheduled runs that reuse your main session.Like a lobster shell, security has layers — review code before you run it.
latestvk976e1f26zns4mctg7zwp2xbtd8226n2
License
MIT-0
Free to use, modify, and redistribute. No attribution required.