Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
TANGSUAN1994
v1.0.0将文档摘要、分类和原链接记录到「工作知识库」智能表格中。当用户提到「知识库」,或要求"记录/存入/归档到知识库",或发来文档链接并希望整理归档时触发。流程:AI 自动生成简短摘要 → 用户指定主题分类 → 写入企业微信智能表格。
⭐ 0· 89·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The skill claims to record documents into a 'work knowledge base' and the SKILL.md shows exactly how (mcporter call to wecom-doc with a fixed docid and sheet_id). However, the registry metadata lists no required binaries, env vars, or primary credential even though the runtime requires the mcporter binary and configured wecom-doc MCP credentials. The fixed docid/sheet link implies writes to a specific remote sheet (not declared), which may not belong to the installer.
Instruction Scope
Runtime instructions are specific and limited (extract title/summary, ask user for category, then call mcporter to add records). They do not request system files or other unrelated env vars. Concerns: (1) instructions assume mcporter is present and configured but metadata doesn't state that; (2) they will send user-provided content to a hard-coded remote smart sheet (doc.weixin.qq.com) — the skill does not instruct verifying ownership/permission or warning about sensitive content.
Install Mechanism
This is instruction-only (no install spec), so it won't write code to disk — low install risk. But it's inconsistent: SKILL.md requires the mcporter CLI and a configured wecom-doc MCP server, yet the skill metadata declares no required binaries or install steps. The installer should expect to install/configure mcporter externally.
Credentials
No environment variables or credentials are declared, but the skill implicitly requires credentials for the wecom-doc MCP (to authenticate writes) stored/configured in mcporter. That credential access is not documented in metadata and the target docid is hard-coded, raising proportionality and transparency concerns (who owns the target sheet, where will user data go?).
Persistence & Privilege
always is false and the skill is user-invocable — normal. The skill does not request persistent installation privileges. However, because it can be invoked by the agent and will write externally to a fixed sheet, autonomous invocation combined with the hard-coded data sink increases potential impact; this should be considered when granting the agent permission to run autonomously.
What to consider before installing
Before installing or enabling this skill: (1) Confirm who owns the hard-coded WeCom smart-sheet (docid/sheet_id). If it is not under your control, do not send sensitive documents to it. (2) Expect to install and configure the mcporter CLI and the wecom-doc MCP server yourself; the skill metadata should have declared this — ask the author to add required binaries and credential details. (3) If you will use this in production, request that docid/sheet_id be configurable (not hard-coded) and that the skill explicitly state which credentials it will use. (4) Test with non-sensitive sample data first. (5) If you need higher assurance, ask the publisher for the skill's origin/homepage and for proof that the remote sheet belongs to your org or is a trusted endpoint.Like a lobster shell, security has layers — review code before you run it.
latestvk97dd99mqzgcfnsqcwzs04z28s83a0es
License
MIT-0
Free to use, modify, and redistribute. No attribution required.