Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Sfe Sxk Data Viewer

v1.0.0

SFE data query tool dedicated to 深西康 (Shenxikang), for quickly querying the data of Shenxikang-specific collection project reports, such as the detail or summary reports of particular projects like 新活素 (Xinhuosu) Ward Rounds Daily Collection Feedback V2.

Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The skill's name and description (SFE 深西康 data queries) match the included API docs and the Python scripts that call the stated ERP endpoint. However, the package metadata claims no required environment variables, while the scripts and documentation clearly require an application key (XG_BIZ_API_KEY or XG_APP_KEY). The SKILL.md also declares a dependency on cms-auth-skills that is not bundled; the skill instructs the agent to install it at runtime. These capabilities are proportionate to the purpose but are inconsistently declared.
Instruction Scope
SKILL.md enforces a workflow that will (a) read cms-auth-skills/SKILL.md for auth rules and, if it is missing, (b) run npx clawhub@latest install cms-auth-skills --force, or fall back to installing from a GitHub repo. That instructs the agent to perform network installs of third-party code. The runtime scripts call the external ERP API and require an appKey. SKILL.md also requires that all API calls go through the provided scripts (reasonable), but it grants the agent discretion to install external packages; this is scope creep and a potential supply-chain risk.
Install Mechanism
There is no formal install spec in the skill metadata (the lowest-risk category), but SKILL.md instructs the agent to run npx to install cms-auth-skills, or to fall back to a GitHub URL. That is effectively an install mechanism triggered at runtime, and it would pull code from the network (npm or GitHub). Pulling and executing external code via npx from an unknown source increases risk and is not declared in the registry metadata.
Credentials
The skill metadata lists no required env vars, but the scripts and docs require an appKey via XG_BIZ_API_KEY or XG_APP_KEY, a clear mismatch. Requesting that appKey is proportionate to the stated ERP API purpose, but the omission from metadata is an inconsistency. No other unrelated credentials are requested. Note: the script disables TLS certificate verification (requests.post(..., verify=False)), so the appKey and the returned data could be read or altered by a man-in-the-middle attacker.
Persistence & Privilege
The skill does not request always: true and does not declare persistent system-wide privileges. It does not itself modify other skills or claim to change agent-wide settings. The main persistence/privilege risk comes from the SKILL.md instruction to run npx install commands (which would write and execute code), but the skill metadata does not request elevated privileges.
Scan Findings in Context
[insecure-ssl-verify-false] unexpected: scripts/sfe-sxk/xhs-ward-rounds-report-v2.py calls requests.post(..., verify=False) and suppresses InsecureRequestWarning. This weakens TLS protections and is not necessary for a normal API client.
[undeclared-env-var_usage] unexpected: The code and README require XG_BIZ_API_KEY or XG_APP_KEY, but the skill metadata lists no required environment variables. This mismatch may cause the agent to prompt for secrets unexpectedly.
[runtime-npx-install-instructions] unexpected: SKILL.md instructs the agent to run 'npx clawhub@latest install cms-auth-skills --force' and fallback to installing from a GitHub repo. This instructs runtime installation of external code and is a potential supply-chain risk.
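The three findings above are mechanical checks, and it is worth seeing how a scanner reaches them. The following is an added example written for this page, not ClawHub's scanner and not code from the skill: it runs three checks over constructed stand-ins (a trimmed script that mimics the flagged pattern, a SKILL.md fragment quoting the install step, and an empty set representing the registry metadata that declares no env vars). The real scripts/sfe-sxk/xhs-ward-rounds-report-v2.py is not reproduced; the finding IDs mirror the report's labels.

```python
import ast
import re

# Constructed sample inputs (not the skill's real files): a trimmed stand-in for
# the flagged Python script, a SKILL.md fragment with the install step quoted in
# the report, and an empty set standing for metadata that declares no env vars.
SAMPLE_SCRIPT = """\
import os
import requests
import urllib3

urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)

APP_KEY = os.environ.get("XG_BIZ_API_KEY") or os.getenv("XG_APP_KEY")

def fetch(url, payload):
    return requests.post(url, json=payload, headers={"appKey": APP_KEY},
                         verify=False, timeout=30)
"""

SAMPLE_SKILL_MD = """\
1. Read cms-auth-skills/SKILL.md for the auth rules.
2. If it is missing, run `npx clawhub@latest install cms-auth-skills --force`.
"""

DECLARED_ENV = set()


def _const_str(node):
    """Return the string literal held by an AST node, or None."""
    if type(node).__name__ == "Index":  # Python 3.8 wraps subscript slices
        node = node.value
    if isinstance(node, ast.Constant) and isinstance(node.value, str):
        return node.value
    return None


def find_env_vars(source):
    """Names read via os.environ[...], os.environ.get(...) or os.getenv(...)."""
    names = set()
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Subscript) and ast.unparse(node.value) == "os.environ":
            key = _const_str(node.slice)
        elif (isinstance(node, ast.Call) and node.args
              and ast.unparse(node.func) in ("os.environ.get", "os.getenv")):
            key = _const_str(node.args[0])
        else:
            continue
        if key:
            names.add(key)
    return names


def find_insecure_tls(source):
    """(line, description) for verify=False keywords and disable_warnings calls."""
    hits = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Call):
            continue
        callee = ast.unparse(node.func)
        if callee.endswith("disable_warnings"):
            hits.append((node.lineno, f"{callee}() suppresses InsecureRequestWarning"))
        for kw in node.keywords:
            if kw.arg == "verify" and isinstance(kw.value, ast.Constant) and kw.value.value is False:
                hits.append((node.lineno, f"{callee}() called with verify=False"))
    return sorted(hits)


# Commands in SKILL.md that would fetch and execute code at runtime.
INSTALL_CMD = re.compile(r"\b(?:npx\b|pip3?\s+install\b|git\s+clone\b)[^`\n]*")


def find_runtime_installs(skill_md):
    """Return each install command found in the SKILL.md text."""
    return [m.group(0).strip() for m in INSTALL_CMD.finditer(skill_md)]


def scan(script_source, skill_md, declared_env):
    """Combine the three checks into findings keyed like the report above."""
    findings = []
    for lineno, what in find_insecure_tls(script_source):
        findings.append({"id": "insecure-ssl-verify-false", "line": lineno, "detail": what})
    undeclared = sorted(find_env_vars(script_source) - set(declared_env))
    if undeclared:
        findings.append({"id": "undeclared-env-var-usage",
                         "detail": "read by code but absent from metadata: " + ", ".join(undeclared)})
    for cmd in find_runtime_installs(skill_md):
        findings.append({"id": "runtime-npx-install-instructions", "detail": cmd})
    return findings


if __name__ == "__main__":
    for finding in scan(SAMPLE_SCRIPT, SAMPLE_SKILL_MD, DECLARED_ENV):
        print(finding)
```

The AST-based checks only catch literal `verify=False` and string-literal env var names; a script that builds the variable name or the `verify` value at runtime needs a manual read, which is one reason the report recommends inspecting the code before supplying the key.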
What to consider before installing
Key things to consider before installing or using this skill:
- The Python scripts do require an appKey (XG_BIZ_API_KEY or XG_APP_KEY) even though the skill metadata doesn't declare it. Don't provide that secret until you have reviewed and trust the code and the remote API. Consider running the scripts locally first and inspecting their network calls.
- The script explicitly disables TLS verification (requests.post(..., verify=False)). This weakens protection of the appKey and data in transit; ask the maintainer to remove verify=False (if the ERP uses a private CA, the fix is to supply that CA bundle, not to turn verification off), or run it only on a network you trust.
- SKILL.md tells the agent to install a dependency (cms-auth-skills) via npx, or from a GitHub URL if it is missing. That means the agent may execute network installs of third-party code; review the cms-auth-skills source before allowing any auto-install.
- If you plan to grant the appKey, prefer running the provided scripts yourself in a controlled environment and inspect them for exfiltration or unexpected endpoints. If you must use the skill hosted in an agent, only proceed if you trust the owner and the cms-auth-skills package, and consider rotating the appKey afterward.
- If you have low tolerance for supply-chain risk, decline, or ask the author to (a) declare the required env vars in metadata, (b) remove the insecure TLS setting, and (c) vendor or declare the cms-auth-skills dependency explicitly rather than instructing runtime npx installs.
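For reference, this is the shape a hardened client would take if the maintainer acted on the points above: the key is read from XG_BIZ_API_KEY or XG_APP_KEY and the call fails closed when neither is set, certificate and hostname verification stay on (with an optional private CA bundle instead of verify=False), and the request carries a bounded timeout. This is an added example for this page, not the skill's script; the endpoint URL is a placeholder and the appKey header name is an assumption, since the report only says the scripts need an appKey.

```python
import json
import os
import ssl
import urllib.request

# Constructed placeholder for the ERP endpoint the skill's scripts call; the real
# URL is not reproduced here.
EXAMPLE_ENDPOINT = "https://erp.example.invalid/api/report"


def get_app_key(env=None):
    """Read the appKey from XG_BIZ_API_KEY or XG_APP_KEY and fail closed if absent,
    so a missing secret is an explicit error rather than a request sent with no key."""
    env = os.environ if env is None else env
    key = env.get("XG_BIZ_API_KEY") or env.get("XG_APP_KEY")
    if not key:
        raise RuntimeError("appKey missing: set XG_BIZ_API_KEY or XG_APP_KEY")
    return key


def make_ssl_context(ca_bundle=None):
    """Replacement for verify=False: validate the chain and the hostname. If the
    ERP sits behind an internal CA, pass its bundle path instead of disabling checks."""
    ctx = ssl.create_default_context(cafile=ca_bundle)
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx


def build_request(payload, app_key, url=EXAMPLE_ENDPOINT):
    """JSON POST carrying the key in an appKey header (header name is an assumption)."""
    body = json.dumps(payload).encode("utf-8")
    return urllib.request.Request(
        url,
        data=body,
        method="POST",
        headers={"Content-Type": "application/json", "appKey": app_key},
    )


def post_report(payload, env=None, ca_bundle=None, timeout=30):
    """Send the report query with verification on and a bounded timeout."""
    req = build_request(payload, get_app_key(env))
    with urllib.request.urlopen(req, timeout=timeout, context=make_ssl_context(ca_bundle)) as resp:
        return json.loads(resp.read().decode("utf-8"))
```

Only the stdlib is used so the request construction can be inspected without installing anything; with `requests` the equivalent change is simply to drop `verify=False` (or set `verify` to the CA bundle path) and to delete the `disable_warnings` call.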


latest: vk974np0b8tg7npqth7ekv3er7583y6fa

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
