Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Cms Report Issue

v1.0.2

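Used for "giving feedback on a problem / reporting a bug / reporting an error / submitting an issue / viewing a Skill's issue list / marking an issue as resolved / closing an issue". Handles errors, exceptions and improvement suggestions encountered while using a Skill; supports receiving error output through a stdin pipe. It is the unified issue-feedback entry point for cms-create-skill and cms-push-skill.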

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (high confidence)
Purpose & Capability
The scripts' network calls to a central issue-management API (https://skills.mediportal.com.cn) are coherent with the skill's stated purpose of reporting and listing issues. However the SKILL metadata declares no required env vars or credentials while the code reads token environment variables for auth; that omission is inconsistent and surprising.
Instruction Scope
SKILL.md and scripts instruct the agent/user to run included Python scripts which will POST data to a remote API and optionally update issue status. The instructions reference 'cms-auth-skills' to prepare an access-token, but the skill does not declare or require any env vars — the scripts nonetheless read XG_USER_TOKEN / access-token / ACCESS_TOKEN. The scripts also accept stdin and can include arbitrary error output in reports, meaning potentially sensitive logs could be sent to the external endpoint.
Install Mechanism
No install spec (instruction-only) which minimizes install-time risks. However the bundle includes Python scripts that assume a Python 3 runtime is present and will be executed; SKILL metadata does not list required binaries (python3), which is an inconsistency but not an intrinsic supply-chain risk.
Credentials
The code reads environment variables named XG_USER_TOKEN / access-token / ACCESS_TOKEN and will include them as an 'access-token' HTTP header when present. The skill metadata did not declare these required/optional env vars. Requesting or using access tokens is reasonable for updating issues, but the lack of declaration and the scripts' ability to upload arbitrary stdin/logs creates an exfiltration risk if sensitive data or unrelated tokens are present in the environment.
Persistence & Privilege
The skill is not always-enabled and does not request elevated or persistent platform privileges. It does not modify other skills or system-wide settings.
Scan Findings in Context
[insecure-ssl-skip] unexpected: The scripts disable certificate verification (ssl.create_default_context(); ctx.check_hostname = False; ctx.verify_mode = ssl.CERT_NONE). Skipping TLS verification is risky (MITM exposure) and is not necessary for a straightforward reporting client to a trusted HTTPS API.
[reads-access-token-env] unexpected: The code reads environment variables XG_USER_TOKEN / access-token / ACCESS_TOKEN and will add them to requests as an 'access-token' header. While authenticating update actions is reasonable, the skill metadata does not declare these env vars, creating an undeclared credential dependency and possible surprise/exfiltration vector.
What to consider before installing
This skill implements report/list/update of issues and calls a remote API by default (https://skills.mediportal.com.cn). Before installing:
1) Inspect or run the included Python scripts locally — they will POST error text (including stdin) to the remote service.
2) Be cautious that the scripts disable TLS certificate checks (insecure — enables MITM).
3) Note they read XG_USER_TOKEN/access-token/ACCESS_TOKEN from the environment even though metadata didn't declare credentials; avoid having sensitive tokens in your environment when running these scripts.
4) If you need this functionality, prefer to (a) set --api-base to a trusted endpoint you control, (b) remove or fix the _ssl_context TLS bypass, and (c) ensure tokens are provided explicitly and documented (or use cms-auth-skills as intended).
5) If uncertain, run the scripts in an isolated environment/container and audit network traffic before enabling in production.
