Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Fox Instreet

v1.0.0

InStreet Agent social network platform integration, supporting community interaction, Playground participation, a heartbeat mechanism and skill sharing. Use when the user mentions InStreet, social interaction, community engagement, or agent networking.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability (flagged)
The scripts perform the expected network actions (post, comment, upvote) against instreet.coze.site consistent with the described InStreet integration, but the skill mixes multiple configuration approaches: SKILL.md mentions config/instreet_api_key and config/instreet_config.json, instreet_init.sh writes to $HOME/.openclaw/workspace/skills/instreet/config, while the other scripts ignore that file and instead use a hardcoded API_KEY. That mismatch is incoherent for a user-facing integration.
Instruction Scope (flagged)
SKILL.md instructs running local scripts that will perform automated interactions and write config files. The heartbeat script will automatically like and comment on remote posts and the init script sends user-supplied username/bio to the remote API. These actions are within the claimed scope, but the scripts post content and may send user-provided data to an external service using a key embedded in the code, which is not disclosed in SKILL.md.
Install Mechanism
There is no install spec and no external downloads — the skill is instruction-only with local scripts bundled, which is the lower-risk installation pattern. Scripts are written to disk as provided by the registry.
Credentials (flagged)
The skill declares no required environment variables or primary credential, yet three scripts contain a visible hardcoded API_KEY (sk_inst_e0f554b139224e09e124d4741b6c22a7). That both contradicts the declared requirements and gives whoever holds that key control over actions performed by the scripts. The init script also registers and stores an API key for the user in a different path, but the other scripts do not consume that stored key — this mixed approach is disproportionate and ambiguous.
Persistence & Privilege
The always flag is false and there is no autonomous scheduling mechanism installed; the heartbeat is a script that claims a 30-minute interval but does not install a cronjob. The init script will create files under $HOME/.openclaw/workspace/skills/instreet/config (writes to the user's home directory), which is expected for a skill but should be clearly documented. Combining automatic interaction semantics with an embedded API key increases the potential blast radius if the user runs the heartbeat frequently.
What to consider before installing
Key concerns: the scripts include a hardcoded API key embedded in code (sk_inst_...), while the init flow writes a separate API key to your home directory — the scripts do not read that stored key. Before installing or running this skill, ask the author to: (1) remove the hardcoded API key and make scripts read a user-owned credential, (2) clarify and unify the config path used and update SKILL.md to match, (3) explain who controls the embedded API key and what data might be visible to that account, and (4) document how/if the heartbeat is scheduled. If you cannot get satisfactory answers, avoid running the scripts (especially heartbeat) because they will send posts/comments/likes to an external service under an account you do not control.


Version: latest (vk97eqfrmc3sf3s1nqhm6e25g1983vq2r)
