Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Cwork Skill Update
v1.0.5管理工作协同中的员工查询、汇报处理、待办闭环和任务协作流程。触发词:cwork/CWork/工作协同/发送汇报/发汇报/汇报/申请/周报/待办/任务/催办/搜索员工/查收件箱。
⭐ 0· 45·0 current·0 all-time
by@spzwin
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
high confidencePurpose & Capability
The scripts and SKILL.md align with the stated purpose (CWork employee search, reports, tasks, todo flows). However the published registry metadata claims no required environment variables while the scripts and SKILL.md clearly expect runtime credentials (e.g., CWORK_APP_KEY / CWORK_BASE_URL for CWork API calls). This mismatch between declared requirements and actual runtime needs is incoherent and should be resolved.
Instruction Scope
Runtime instructions tell the agent to exec the included Python scripts which perform HTTP API calls to the CWork platform and (optionally) to GitHub. The cwork-report-issue script will send report data to api.github.com; issue bodies can include script stderr/JSON and other details, which may leak sensitive info (stack traces, request payloads, or user-supplied content). The scripts also accept local file paths for attachments (uploaded to the CWork API) and support a --params-file mechanism that reads JSON from disk and injects arguments — both expected but worth auditing for what data may be loaded/transmitted.
Install Mechanism
There is no install spec (instruction-only plus bundled scripts). No external installers or remote downloads are used by the skill package itself, which reduces supply-chain risk. The included code will run on the agent host when executed.
Credentials
The skill package declares no required env vars, but scripts reference and require CWORK_APP_KEY (and optionally CWORK_BASE_URL) to authenticate to the CWork API. More seriously, scripts/maintenance docs reveal a hard-coded GitHub personal access token (_BUILTIN_TOKEN) embedded in scripts/cwork-report-issue.py and a statement that "all users share this token." Embedding a token in code is a secret-management and provenance issue: it grants the skill the ability to create GitHub Issues on behalf of that token and may expose data sent to the issue body. The SKILL.md lists cwork-report-issue as requiring GITHUB_TOKEN but registry metadata did not declare it — another mismatch.
Persistence & Privilege
The skill is not marked always:true and is user-invocable (normal). It can be invoked autonomously by the agent (default model invocation not disabled). The presence of a built-in GitHub token increases the blast radius if the skill is invoked automatically and given error data to report, but the skill does not request persistent system-wide privileges or modify other skills.
What to consider before installing
This skill largely does what it claims (wrappers around CWork APIs) but has two important red flags you should address before installing:
1) Missing declared credentials: the package metadata says no env vars are required, yet the scripts expect CWORK_APP_KEY (and optionally CWORK_BASE_URL) to call the CWork API. Confirm how authentication will be provided and ensure you do not run the scripts without appropriate, least-privilege credentials.
2) Hard-coded GitHub token: scripts/cwork-report-issue.py contains a baked-in _BUILTIN_TOKEN and documentation telling users that a shared token is embedded. That token will be used to create GitHub Issues and could receive whatever error or diagnostic text the scripts send — potentially leaking sensitive details to that GitHub repository. Prefer disabling automatic issue submission, remove the built-in token, or replace it with your own GITHUB_TOKEN provided via environment variable. Audit the issue-body construction to ensure no sensitive data (like full API payloads, tokens, or attachments) will be posted.
Actionable steps before use:
- Inspect cwork_client.py to confirm how it reads CWork credentials and what network endpoints it contacts.
- Remove or rotate any embedded tokens (do not use the built-in token). Require GITHUB_TOKEN be set in your environment if you want issue reporting, and consider disabling auto-reporting entirely.
- If you will permit autonomous agent invocation, restrict the agent’s permission to call this skill until you’ve validated its behavior and confirmed it will not exfiltrate sensitive content.
- If you cannot audit or remove the embedded token, do not install or run this skill in sensitive environments.Like a lobster shell, security has layers — review code before you run it.
latestvk97cap5xednqkzjwxch7wz8c9n84etxf
License
MIT-0
Free to use, modify, and redistribute. No attribution required.