Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Cms Bp Manager

v2.0.2

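BP Management Assistant: view and manage your own and your subordinates' BP (objectives / key results / key initiatives), with AI quality checks. Trigger words: bp/BP/BP管理/BP目标/BP成果/BP举措/衡量标准/对齐/关键任务/关键成果/上级BP/下级BP/承接/目标管理/OKR/KR/我的目标/我的成果/查看BP/查看目标/检查BP/审计BP.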

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The SKILL.md, design docs, and scripts implement read-only BP view/search/report and AI audit logic (no write operations). The code calls only BP read endpoints and implements the Kangzhe rules. This matches the stated purpose. However the skill expects an appKey (BP_APP_KEY) and integrates with cms-auth-skills for auth, but the registry metadata at the top of the submission did not declare required environment variables or a primary credential — an inconsistency between declared registry requirements and the runtime requirements.
! Instruction Scope
Runtime instructions and included scripts perform network calls to the BP API and GitHub, read environment variables (BP_APP_KEY, BP_EMPLOYEE_ID/EMPLOYEE_ID), and may run a subprocess to perform an update. The SKILL.md and scripts keep scope to BP read/search/report and AI checks, but the auto-update behavior (see commands.py) executes 'npx clawhub@latest install cms-bp-manager --force' via subprocess.run when auto-update is enabled or on prompt. That grants the skill the ability to download and execute code from the network at runtime, which is outside the simple read-and-audit scope and should be considered carefully.
! Install Mechanism
There is no install specification in the registry (instruction-only), which is low risk, but the commands.py contains an automatic update/check flow that can invoke npx to install/update the skill (downloads code from the network). Running 'npx ... install cms-bp-manager --force' from within the skill is equivalent to fetching and executing external code at runtime and is a higher-risk install mechanism. The update command is conditional but enabled by default in the script unless skipped via env vars.
! Credentials
The code requires an appKey (BP_APP_KEY) for the BP API and optionally reads BP_EMPLOYEE_ID/EMPLOYEE_ID; these are appropriate for a BP viewer/auditor. However the registry metadata presented to the platform declared no required environment variables/primary credential, which is inconsistent and misleading. Also the skill's auto-update behavior is controlled by additional env vars (BP_MANAGER_SKIP_UPDATE_CHECK, BP_MANAGER_PROMPT_UPDATE, BP_MANAGER_AUTO_UPDATE) that are documented in SKILL.md but not surfaced in the registry metadata — the mismatch reduces transparency about what credentials/config the skill needs and what it may do.
Persistence & Privilege
The skill does not request 'always: true' and does not modify other skills' configs. It can run autonomously (disable-model-invocation=false) which is platform default. The notable persistence/privilege concern is the auto-update path that can install/update the skill using npx/clawhub at runtime — this can change files on disk and should be restricted or disabled if you want to limit runtime modification.
What to consider before installing
This skill appears to implement the stated read-only BP viewing and AI-audit functionality, but there are a few things to check before installing:
- Required credential: The scripts and SKILL.md expect BP_APP_KEY (and optionally BP_EMPLOYEE_ID/EMPLOYEE_ID). The registry metadata shown did not declare these — confirm the platform will provide BP_APP_KEY via cms-auth-skills or that you will set it. Do not provide broader credentials (e.g., AWS keys) — only the BP appKey is needed.
- Auto-update behavior: commands.py can contact GitHub and run 'npx clawhub@latest install cms-bp-manager --force' (via shell). This will download and run external code. If you want to limit risk, set BP_MANAGER_SKIP_UPDATE_CHECK=1 and avoid enabling BP_MANAGER_AUTO_UPDATE, or run the skill in an isolated environment and review/approve updates manually.
- Network endpoints: the client defaults to a specific BaseUrl (https://sg-al-cwork-web.mediportal.com.cn/open-api). Confirm that endpoint is correct and expected for your environment.
- Verify provenance: SKILL.md points to a GitHub repo, but the registry homepage is empty. If possible, inspect the referenced GitHub repo and confirm the owner and release artifacts before trusting auto-update.
- Operational advice: run the provided scripts in a sandbox or non-production environment first, inspect network traffic, and ensure the appKey has the minimum necessary scope. If you require higher assurance, request the publisher to add the BP_APP_KEY requirement into the registry metadata and to disable automatic runtime installs or to make updates purely manual.

I have medium confidence in this assessment because the code and docs broadly match the stated purpose, but the metadata omissions and runtime install behavior are clear inconsistencies that raise risk. Providing the registry manifest that explicitly lists required envs and disabling auto-update would increase confidence.

Like a lobster shell, security has layers — review code before you run it.
