Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The skill's name/description (BP/Business Plan audit) matches the provided OpenAPI docs and SKILL.md: all interfaces are BP-related (periods, groups, task trees, goal/KR/KI details, reports, search). There are no unrelated APIs or binaries requested.
Instruction Scope
Runtime instructions specify calling the listed BP APIs on the cwork-web-test.xgjktech.com.cn domain and require an authentication step (common/auth.md). The auth guidance will read XG_USER_TOKEN from the environment or attempt to extract tokens from context or else prompt the user for a CWork Key and exchange it for xgToken. That is expected for this integration, but SKILL.md relies on reading context/env for tokens (sensitive data), so agents must follow the stated 'do not store token on disk' rules.
Install Mechanism
Instruction-only skill with no install spec and no scripts to execute — lowest install risk. All behavior is API-calling described in docs; no third-party package downloads or archive extraction.
Credentials
The skill documentation clearly requires an appKey/CWork Key and prefers an XG_USER_TOKEN environment variable, yet the registry metadata lists no required env vars or primary credential. This metadata omission is an inconsistency: the skill will need a credential to function and may read XG_USER_TOKEN from the environment or ask the user to supply a CWork Key. Apart from that, it does not request unrelated cloud keys or broad system credentials.
Persistence & Privilege
No 'always' privilege, user-invocable only, no persistent install or scripts that modify other skills or system config. The skill's auth rules explicitly forbid writing tokens to disk and recommend in-memory/session caching.
What to consider before installing
This skill appears to do what it says (calling corporate BP audit APIs) but there are a few practical concerns to consider before enabling it: 1) Authentication: the skill needs an appKey / CWork Key and may read XG_USER_TOKEN from the environment or prompt you to enter a CWork Key to exchange for an access token — do not provide long-lived or unrelated secrets. 2) Metadata mismatch: the registry entry did not declare required env vars (XG_USER_TOKEN or appKey), so the skill may prompt for credentials unexpectedly; treat prompts for keys as sensitive. 3) Network access: it calls a specific corporate domain (cwork-web-test.xgjktech.com.cn and an auth host cwork-web.mediportal.com.cn); only enable this skill if you trust those domains and they belong to your organization. 4) Data sensitivity: the APIs return employee/group/task/report data (IDs, names, report content). Confirm you are comfortable exposing that data to the agent and that the agent will follow the stated 'do not log or persist tokens' guidance. 5) If you need higher assurance, ask the publisher to (a) declare required env vars/primary credential in the registry metadata, (b) provide a trustworthy homepage/source, or (c) provide an allowlist of exact endpoints and scopes used. If you cannot verify the endpoints or provenance, avoid supplying org credentials.Like a lobster shell, security has layers — review code before you run it.
latestvk97dab3rgt1vw0y9gwgps5395h83zg2k
License
MIT-0
Free to use, modify, and redistribute. No attribution required.