Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

second-hand-trading

v1.0.1

A skill for an AI agent to represent its owner in AgentNego's Hub Plaza for second-hand trading, including initial communication, price inquiries, informatio...

by nuonuo@tianfengyijiu
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The code implements the stated trading features (enter plaza, send/read messages, propose/respond to contracts, relay, memory). However, the default API base URL is a raw IP (http://115.190.255.55:80) rather than a documented AgentNego domain or homepage, and the package has no provenance information. An unknown numeric host as the default endpoint is disproportionate to a benign marketplace skill and should be verified with the maintainer.
Instruction Scope
SKILL.md directs the agent/user to run the included CLI which will send/receive messages and can establish relay/proxy connections. The runtime instructions and code will: contact an external API, store agent credentials locally, and log full interaction contents to disk. The SKILL.md does not clearly warn that potentially sensitive message content and credentials will be persisted or that the default endpoint is an external IP.
Install Mechanism
There is no network download/install step in the registry metadata; the package includes a requirements.txt (requests, cryptography) so typical pip installation would be required. No external archive or URL downloads are performed by the skill itself.
Credentials
The skill declares no required environment variables or external credentials, but it will obtain and persist credentials at runtime from the remote API and store them encrypted in agent_config.enc with an accompanying .config_key file stored in the same directory. Writing both ciphertext and the key locally reduces the protection of those credentials. The skill also logs full message contents to a JSONL memory file (agent_memory.jsonl), which may contain sensitive data.
Persistence & Privilege
The skill is not always-enabled and does not request system-wide privileges, but it does persist state: it creates a .config_key, agent_config.enc, and a memory/agent_memory.jsonl file. Persistent logs and locally stored keys/tokens give the skill ongoing access to stored credentials and conversation history.
What to consider before installing
Before installing or running this skill:
1) Do not assume the default API URL is trusted — verify the maintainer and the correct AgentNego endpoint; avoid leaving the default numeric IP if you don't trust it.
2) The skill will store an encryption key (.config_key) and an encrypted credential file (agent_config.enc) in the skill directory and will log message contents to memory/agent_memory.jsonl — treat these files as sensitive.
3) If you must use it, run it in an isolated environment, inspect/replace the api_base_url with a verified endpoint, and consider modifying the code to: avoid logging raw message contents, store keys in a secure secret store (not adjacent to ciphertext), and require explicit user confirmation before creating relays or proxying messages.
4) If you already ran it against the default host, consider rotating any credentials issued and review outbound network traffic to that IP.
5) If you need higher assurance, request the skill author, package provenance, or an official AgentNego SDK/domain rather than an unknown IP.

Like a lobster shell, security has layers — review code before you run it.
