Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Ios Automation

v1.0.0

Control iOS automation via StarryForest Agent Mail API. Use when creating alarms, reminders, memos, calendar events, focus modes, music playback, or journal...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (high confidence)
!
Purpose & Capability
The skill's purpose (drive iOS automation via email) matches the code: it builds JSON payloads and sends them by email. However, the bundle includes hardcoded SMTP account credentials for two email accounts and mandates a specific sender/recipient pair (starryforest_ymxk@126.com -> starryforest_ymxk@hotmail.com). The manifest declares no required env vars/credentials, yet credentials are present in code; the presence of concrete third-party accounts and passwords is disproportionate to a generic automation skill and mismatches the declared requirements.
Instruction Scope
SKILL.md and scripts instruct the agent to build JSON payloads and send them to a fixed Hotmail address with a fixed token and subject; this is coherent with the stated purpose. However, the instructions and examples also reference hard-coded filesystem paths (/home/wudi, ~/.openclaw/workspace) and require using the specific sender account and subject. The skill will therefore transmit whatever payloads the agent constructs to an external email address; users should be aware this transmits potentially sensitive content off the host.
Install Mechanism
No external install/download step is declared (instruction-and-code only). No network-download install URLs or package installs are used. The main risk comes from the code contents themselves (embedded secrets), not the install mechanism.
!
Credentials
The manifest declares no required env vars or primary credential, but the code contains plaintext SMTP usernames and passwords for two accounts (126 and QQ). Requiring no credentials while shipping working credentials in-repo is inconsistent and dangerous: it exposes third-party account credentials to any user of the skill and means the skill can send email autonomously using those accounts without asking the installing user for credentials.
Persistence & Privilege
The skill is not always-enabled and uses normal model invocation settings. That said, because the code contains functional SMTP credentials, allowing the agent to call this skill autonomously increases the blast radius (the agent can send emails without additional auth). Consider restricting autonomous invocation or replacing embedded credentials before enabling autonomous use.
What to consider before installing
Do not install or enable this skill without addressing the embedded credentials. The package includes plaintext SMTP usernames and passwords (for starryforest_ymxk@126.com and a QQ account) and is configured to send payloads to an external Hotmail address; that means any use can leak data and will use those exposed accounts. If you need this capability:
(1) do not use the provided accounts; replace them with an email account you control;
(2) remove hardcoded passwords and require credentials via secure environment variables or a secrets store;
(3) verify/rotate any exposed credentials immediately (treat them as compromised);
(4) review and edit code to remove hardcoded paths (/home/wudi) and to ensure the recipient is your own device;
(5) consider disabling autonomous invocation until you trust the code and credentials.
Because of the hardcoded secrets and undeclared credential usage, treat this skill as suspicious until corrected.

Like a lobster shell, security has layers — review code before you run it.

latestvk97042s4dwtxpembxa46pv2rd183fvc3


Runtime requirements

⚙️ Clawdis
