Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Pipenet-skill

v1.0.0

Analyse and process pipe networks described in TOML format, including conversion of network descriptions, loading and solving, and visualization of structure and operating state.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Name/description (pipe network TOML parsing, solving, visualization) align with the provided code: loader, solver, validator, analyzer, and visualizer modules implement those features. Declared dependencies (numpy, scipy, tomllib, networkx) make sense for numerical solving and graph operations.
Instruction Scope
SKILL.md itself is high-level and stays within scope, but the pre-scan flagged prompt-injection patterns (base64-block, unicode-control-chars) inside SKILL.md, which could be an attempt to manipulate runtime prompts or evaluations. The code accepts TOML content and file paths from callers: it will read arbitrary files (load_from_file) and write generated TOML/HTML to ./src/toml and ./src/html using file names derived from the input (pipe_net.name and scenario_name) without sanitization. That introduces directory-traversal and file-overwrite risks.
Install Mechanism
No install spec is provided (skill is distributed with code). No downloaded or remote install steps in metadata. Declared Python packages are standard scientific libraries; nothing in the install step is opaque or pulls code from an untrusted URL.
Credentials
No environment variables, credentials, or config paths are requested. The skill only uses file I/O relative to the repository and standard Python libraries; requested resources are proportionate to the stated functionality.
Persistence & Privilege
always:false (normal). The skill writes files into the agent package directories (./src/toml and ./src/html) and will read arbitrary paths passed to analyze_network. Although not privileged by platform flags, this file I/O behavior means a malicious or careless caller could make it read or overwrite files within the agent's filesystem; review the intended runtime environment and sandboxing before granting access.
Scan Findings in Context
[base64-block] unexpected: SKILL.md pre-scan detected a base64-block pattern. The skill's declared purpose (pipe network analysis) does not require embedding base64 payloads in its README/instructions; this is unexpected and worth inspecting to confirm there are no hidden or encoded instructions.
[unicode-control-chars] unexpected: SKILL.md pre-scan detected unusual Unicode control characters. These can be used to hide or obfuscate content in prompts/instructions; not expected for a straightforward usage document.
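A small scanner for the two patterns the pre-scan reports, added here as an example; it is neither the ClawHub scanner nor part of the skill. The SKILL.md text is constructed inline (a zero-width space, a right-to-left override and one base64 block) and the 40-character minimum run length is an assumed tuning value.

```python
import base64
import re
import unicodedata

# Constructed SKILL.md sample (not the real file): a zero-width space inside
# "pipe", a right-to-left override mid-sentence, and one base64 block.
_HIDDEN_PAYLOAD = base64.b64encode(
    b"constructed sample: encoded text hidden in a skill README"
).decode()
SAMPLE_SKILL_MD = (
    "# Pipenet-skill\n"
    "Analyse pi\u200bpe networks described in TOML.\n"
    "Run the solver \u202eon the loaded network.\n"
    f"{_HIDDEN_PAYLOAD}\n"
)

# Whitespace that legitimately appears in a text file.
_ALLOWED = {"\n", "\r", "\t"}
# A run of base64 alphabet long enough to be worth flagging; shorter runs are
# usually identifiers or hashes. 40 is an assumed threshold.
_B64_RUN = re.compile(r"[A-Za-z0-9+/]{40,}={0,2}")


def find_control_chars(text):
    """Return (line, column, U+XXXX, name) for every Cc/Cf character.

    Cf covers zero-width and bidi override characters, Cc the C0/C1 controls;
    both can hide or reorder text when a Markdown file is rendered.
    """
    hits = []
    # split("\n") rather than splitlines(): splitlines() would also split on
    # NEL (U+0085), which is itself a control character we want to report.
    for lineno, line in enumerate(text.split("\n"), start=1):
        for col, ch in enumerate(line, start=1):
            if ch in _ALLOWED:
                continue
            if unicodedata.category(ch) in ("Cc", "Cf"):
                hits.append((lineno, col, f"U+{ord(ch):04X}",
                             unicodedata.name(ch, "<unnamed>")))
    return hits


def find_base64_blocks(text):
    """Return (line, token, decoded_preview) for each run that really decodes."""
    hits = []
    for lineno, line in enumerate(text.split("\n"), start=1):
        for m in _B64_RUN.finditer(line):
            token = m.group(0)
            if len(token) % 4:          # valid base64 is padded to 4 chars
                continue
            try:
                raw = base64.b64decode(token, validate=True)
            except ValueError:          # binascii.Error subclasses ValueError
                continue
            preview = raw[:60].decode("utf-8", errors="replace")
            hits.append((lineno, token, preview))
    return hits


def scan(text):
    """Human-readable findings in the order the report lists them."""
    findings = [f"[unicode-control-chars] line {l} col {c}: {cp} {name}"
                for l, c, cp, name in find_control_chars(text)]
    findings += [f"[base64-block] line {l}: {len(tok)} chars, decodes to {prev!r}"
                 for l, tok, prev in find_base64_blocks(text)]
    return findings


if __name__ == "__main__":
    for finding in scan(SAMPLE_SKILL_MD):
        print(finding)
```

Run it over the raw bytes of the real SKILL.md before trusting anything the file tells the agent; a rendered view hides exactly the characters this reports.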
What to consider before installing
High-level advice before installing or enabling this skill:
- Code–purpose match: The Python modules implement the declared functionality (TOML loader, numerical solver, visualizer). That is coherent with the skill description.
- Prompt-injection risk: The SKILL.md was flagged for base64 and Unicode control characters. Inspect the raw text of SKILL.md for hidden characters or encoded payloads before trusting it. Remove or sanitize any suspicious hidden content.
- File I/O risks: The skill reads TOML files from arbitrary paths and writes output files to ./src/toml and ./src/html using names derived from input (pipe_net.name and scenario_name). If an attacker controls the TOML content or names, they could cause directory traversal or overwrite files. Mitigations: run in a sandboxed environment, restrict and validate file paths, and sanitize file names (reject '..', absolute paths, and suspicious characters).
- Input validation: Several functions assume correct types (e.g., float values for some scenario actions). Malformed inputs can raise exceptions or cause partial failures; validate inputs before handing them to the skill.
- External resources: Generated HTML references external CDNs for JS/CSS. The HTML itself does not exfiltrate data, but viewing it in a browser will fetch remote resources. If you must avoid external network calls, host the JS/CSS locally or remove the CDN references.
- Dependencies & runtime: The skill expects Python >=3.11 (uses tomllib) and scientific packages (numpy, scipy). Ensure the runtime environment can install and contain those packages and that they are acceptable for your security posture.
- Testing: Before using it on real data or giving it file-system access, run the skill in an isolated container, pass controlled TOML files, and verify it cannot read or write outside an allowed directory.
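The traversal described in the File I/O bullet, with one way to close it. This is an added example and not the skill's own code: the directory constants and function names are assumed, and unsafe_output_path only stands in for the pattern the scan found (a caller-derived name joined straight into the output directory).

```python
import os
import re
from pathlib import Path

# Assumed output roots, taken from the scan report; the real skill's constants
# may be named differently.
TOML_DIR = Path("./src/toml")
HTML_DIR = Path("./src/html")

# A single benign file-name component: starts with a letter or digit, then
# letters, digits, dot, dash or underscore, at most 64 characters. This
# excludes "..", dotfiles, path separators, NUL and every control character.
_SAFE_COMPONENT = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,63}")


def unsafe_output_path(base_dir, name, suffix):
    """The pattern the report flags: an input-derived name joined in as-is.

    os.path.join discards base_dir entirely when name is absolute, and ".."
    segments survive, so the result can point anywhere on the filesystem.
    """
    return os.path.normpath(os.path.join(base_dir, name + suffix))


def is_safe_component(name):
    return isinstance(name, str) and _SAFE_COMPONENT.fullmatch(name) is not None


def safe_component(name):
    """Return name unchanged if it is a benign component, else raise."""
    if not is_safe_component(name):
        raise ValueError(f"unsafe file name component: {name!r}")
    return name


def output_path(base_dir, pipe_net_name, scenario_name=None, suffix=None):
    """Derive <base_dir>/<pipe_net_name>[__<scenario_name>]<suffix> safely.

    Both input-controlled names are validated as single components first;
    the containment check afterwards is defence in depth in case the
    allow-list is ever loosened.
    """
    if suffix is None:
        suffix = ".html" if scenario_name is not None else ".toml"
    parts = [safe_component(pipe_net_name)]
    if scenario_name is not None:
        parts.append(safe_component(scenario_name))
    filename = "__".join(parts) + suffix

    base = Path(base_dir).resolve()          # resolve() works for paths that do not exist yet
    candidate = (base / filename).resolve()
    if candidate.parent != base:             # exactly one level below the output root
        raise ValueError(f"output path escapes {base}: {candidate}")
    return candidate


def demo():
    """Exercise the rejected and accepted cases; returns a summary for tests."""
    rejected = []
    for name in ("../../etc/cron.d/job", "/tmp/evil", "net\x00", ".hidden", "a/b"):
        try:
            output_path(TOML_DIR, name)
        except ValueError:
            rejected.append(name)
    accepted = output_path(HTML_DIR, "main_network", "peak-demand")
    return {"rejected": rejected, "accepted": accepted.name}


if __name__ == "__main__":
    print("unsafe:", unsafe_output_path("./src/toml", "../../etc/cron.d/job", ".toml"))
    print(demo())
```

The allow-list does the real work; the `candidate.parent != base` check only confirms the result still sits directly under the output root. Reading side (load_from_file) needs the same treatment: resolve the caller's path and require it to fall under a configured input directory before opening it.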
If you want, I can: (1) locate and show the exact lines in SKILL.md that contain the hidden characters, (2) suggest code changes to sanitize file paths and names, or (3) propose a minimal sandbox policy for running this skill safely.


latest · vk971xbj3ry8n4rq9hgbfgkyjtd83g0gy

