Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
cms-push-skill
v1.6.6 Used for "publishing a Skill / listing a Skill / pushing a Skill / updating an already published Skill / delisting a Skill / uploading a local Skill to the platform / syncing to ClawHub or GitHub". Completes pack → Qiniu upload → platform register/update/delist in one step. You must first obtain a to... via cms-auth-skills
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The scripts included (pack, upload, register, update, delete, publish) align with the stated purpose of pushing skills to a platform; requiring an access token via cms-auth-skills is expected. However, the package registry metadata lists no required environment variables while the code clearly expects XG_USER_TOKEN / access-token / ACCESS_TOKEN and optionally XG_CORP_ID and CMS_API_BASE, which is an inconsistency.
Instruction Scope
Runtime instructions tell the agent to run the included Python scripts which make network requests to API_BASE (default https://skills.mediportal.com.cn), obtain Qiniu upload tokens, and upload ZIPs — consistent with purpose. Concerns: (1) an EXTERNAL_DOWNLOAD_URL_TEMPLATE points to a third-party domain (https://wry-manatee-359.convex.site) for external-mode download URLs — this redirects external skill download addresses to an unexpected host; (2) the scripts call requests with verify=False and suppress SSL warnings, disabling TLS verification (enables MITM risk); (3) scripts read environment variables (tokens, corp id, CMS_API_BASE) that were not declared in registry metadata.
Install Mechanism
This is an instruction-only skill with bundled Python scripts; there is no installer that fetches code from arbitrary URLs and no package manager install spec. Nothing is being downloaded at install time by the skill itself.
Credentials
The code legitimately needs an access token and optional corp ID to interact with the platform, but the skill metadata does not declare these required env vars. It also supports overriding API base via CMS_API_BASE. Requiring an access token is proportional for a publish tool, but be aware the token will be used to call platform APIs and to obtain Qiniu upload credentials; only provide tokens you trust for this use. The code's suppression of SSL verification increases risk if tokens are used against an attacker-controlled network.
Persistence & Privilege
The skill is not always-enabled and does not request persistent system-wide privileges. It does not modify other skills' config files. Autonomous invocation is allowed by default but not combined with other high privileges here.
What to consider before installing
Before installing or running this skill: (1) Review the Python scripts locally — they will POST your access token to the configured API_BASE and upload ZIPs to Qiniu. (2) Ensure you set and provide only tokens meant for the target platform (XG_USER_TOKEN / access-token / ACCESS_TOKEN); the registry metadata fails to declare these required env vars. (3) Do not use the --external option unless you trust the external download host (the code uses a hard-coded convex.site URL for external downloads). (4) Fix or be aware of verify=False in requests (consider changing to verify=True) because the current code disables TLS certificate verification. (5) Run in an isolated environment or review network calls (API_BASE, CMS_API_BASE, Qiniu domain) if you are unsure. If you need a clean verdict, request the publisher to (a) declare required env vars in metadata, (b) remove/justify the hard-coded external URL, and (c) enable TLS verification by default.
latest: vk974ee93v0qxkawmz1dp4mey4984ehzq
