Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
OpenClaw-Halo-CMS
v1.0.0 Blog post management skill. Use this skill when the user mentions keywords such as "publish an article", "write a blog post", "Halo", "make a post", "reply to comments", or "blog management".
⭐ 0 · 74 · 0 current · 0 all-time
by Thomas_Oscar @thomasoscar
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
high confidence
Purpose & Capability
The skill's name/description (Halo blog management) matches the code's operations (listing, creating, publishing posts, replying to comments). However the declared primary credential (HALO_PAT_TOKEN, Bearer JWT) in SKILL.md/metadata is not used by the code; instead the script resolves HALO_USER/HALO_PASS (Basic auth) and reads .env.halo files. This is an incoherence between stated purpose/requirements and actual credential usage.
Instruction Scope
SKILL.md instructs the agent to run scripts/halo_api.py and specifies Bearer PAT usage and safety constraints, but the script: (1) does not use HALO_PAT_TOKEN, (2) searches for a .env.halo file in the workspace and parent dirs (reads files outside the skill bundle), and (3) relies on HALO_USER/HALO_PASS and HALO_URL. The script therefore accesses environment and filesystem state beyond the declared inputs — this is scope creep and a possible source of secret exposure.
Install Mechanism
No install spec is provided (instruction-only skill plus a Python script). Nothing is downloaded or executed at install time; risk from install mechanism is low. The runtime risk comes from the included script's behavior, not from an installer.
Credentials
Metadata declares only HALO_PAT_TOKEN as required, but the script uses/reads HALO_USER, HALO_PASS, HALO_URL, and OPENCLAW_WORKSPACE, plus scanning .env.halo files for credentials. Required envs and file reads are not proportional to the declared HALO_PAT_TOKEN: either the metadata is wrong or the code is misaligned. The script may therefore access credentials the user did not expect to be used.
Persistence & Privilege
always is false; no automatic persistence or modification of other skills is present in the manifest. The skill does not request elevated persistence privileges in the registry metadata.
What to consider before installing
Do not install or run this skill until the author clarifies and/or fixes the credential handling. Specific things to verify or request from the author: (1) Why does SKILL.md declare HALO_PAT_TOKEN (Bearer) while the script uses HALO_USER/HALO_PASS (Basic)? The code should be updated to use the documented credential or the metadata updated to list the envs the script actually needs. (2) Remove or make optional the .env.halo workspace scan — reading parent directories can expose unrelated secrets; prefer explicit env vars only. (3) Document HALO_URL, HALO_USER, HALO_PASS, and OPENCLAW_WORKSPACE in the metadata if they are required. (4) Review the full script (the provided file was truncated) to ensure there are no hidden endpoints or data-exfiltration behaviors. If you must test it, run it in an isolated sandbox with minimal test credentials and set HALO_URL to a controlled test server. Avoid placing real credentials in workspace files until the mismatch is resolved.
Like a lobster shell, security has layers — review code before you run it.
latest: vk979epe3rfnkq5dy76m0xpdev983fbjn
Runtime requirements
📖 Clawdis
Bins: python3
Env: HALO_PAT_TOKEN
Primary env: HALO_PAT_TOKEN
