Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
cms-config-myclaw
v1.0.5 · One-click interactive setup of your own OpenClaw (Lobster) bot, binding the company-internal xg_cwork_im channel to a specified agent.
by @spzwin
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Benign
medium confidence
Purpose & Capability
Name/description, SKILL.md and the included scripts all focus on creating a private robot, exchanging a login appKey for an access token, writing the returned robot appKey into ~/.openclaw/openclaw.json, and restarting the OpenClaw Gateway. The external endpoints, plugin checks, and config file operations are consistent with binding xg_cwork_im to a chosen agent.
Instruction Scope
Runtime instructions and scripts are scoped to the stated task: they prompt for an appKey and robot name, call the company robot-register API, update openclaw.json, and restart the gateway. Two notable behaviors to be aware of: (1) the script locates and executes a local cms-auth-skills login.py via subprocess (it searches parent directories for that file and runs it to obtain an access-token), and (2) HTTP requests are made with verify=False (TLS verification disabled) and related warnings are suppressed. Both are operational choices that increase risk (possible execution of an unexpected local script; susceptibility to MITM if run on untrusted networks) but are consistent with a corporate intranet usage scenario described by the skill.
Install Mechanism
There is no external download or install spec; the skill is instruction + local scripts. Nothing is fetched from arbitrary URLs during install. The scripts do call out to existing local binaries (openclaw) and a local cms-auth-skills script, which is consistent with the documented preconditions.
Credentials
The skill does not request unrelated environment secrets. It optionally accepts CMS_CONFIG_MYCLAW_APP_KEY (documented in SKILL.md) to prefill login appKey — the metadata lists no required env vars, which matches that it's optional. The script will pass the provided login appKey to the cms-auth-skills login flow and then transmit the resulting access-token to the company robot registration endpoint; this credential usage aligns with the stated purpose but means you are sending your login key/token to corporate endpoints, as intended.
Persistence & Privilege
The skill writes to the user's OpenClaw config (backing it up first) and restarts the Gateway. That is a high-impact action, but it is precisely the declared purpose (making the binding live). The skill is not marked always: true and does not attempt to alter other skills' configs beyond the OpenClaw channel/plugin entries. You should expect and permit these changes only if you trust the environment.
Assessment
This skill appears to do what it says: create/update a private robot and bind the company xg_cwork_im channel to a chosen agent by editing your openclaw.json and restarting the Gateway. Before running it, review and accept these operational risks: (1) Inspect the cms-auth-skills login.py that the script will execute (resolve_cms_auth_login_script searches parent folders and runs that script). Make sure no malicious or unexpected login.py is present in your workspace. (2) The HTTP client disables TLS verification (verify=False) and suppresses warnings — on untrusted networks this could enable MITM attacks; confirm you are on a trusted corporate network or modify the code to enable verification. (3) The script will write to and restart your OpenClaw Gateway — back up your config (the script provides backups) and be ready to restore if needed. (4) If you rely on the optional CMS_CONFIG_MYCLAW_APP_KEY env var, be aware that value will be used to exchange for an access-token and sent to corporate auth endpoints. Recommended steps: review the two included Python scripts line-by-line (especially any local cms-auth-skills you have installed), run with --dry-run first, ensure the openclaw binary and cms-auth-skills are the expected trusted versions, and keep a manual backup of ~/.openclaw/openclaw.json before performing the binding.
