Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

iaskaster

v1.0.0

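Bazi (Four Pillars) fortune analysis skill. Triggered when the user says "算命" (fortune-telling), "排八字" (lay out the Bazi), "看八字" (read the Bazi), "命理分析" (destiny analysis), "八字分析" (Bazi analysis), "运势" (fortune), "算一卦" (cast a divination), "命盘" (natal chart), "排盘" (chart layout), "算卦" (divination), "五行分析" (Five Elements analysis), or "八字测算" (Bazi calculation). Calls iaskaster to generate a professional PDF report. / Bazi fortune-telling skill. Use when user r...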

by 简单的李 @tjlzw
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The skill's declared purpose (Bazi/fortune-telling) aligns with network access and an external API (iaskmaster.cn). However, SKILL.md actions reference $IASKASTER (node $IASKASTER/index.js ...) even though no IASKASTER env var is declared in the registry requirements; openclaw.plugin.json provides IASKASTER_API_URL as a config option but the SKILL.md variable usage is inconsistent. Modifying OpenClaw's config to add the skill (install.sh) is reasonable for install but is a broader change than the skill's stated functionality and should be expected/confirmed.
[!] Instruction Scope
Runtime instructions perform login (send/verify codes), submit birth data to the external API, poll for report generation, and download PDF reports. The tool includes a 'read' action that reads a specified filename and returns Base64 (iaskaster_read). That can be used to read arbitrary files if not path-restricted. SKILL.md also instructs running npm install/build locally and relies on running node index.js—both normal—but the interplay between manual install and install.sh is confusing. SKILL.md expects working directory variables ($IASKASTER) that are not documented.
Install Mechanism
There is no registry install spec but an install.sh is provided. install.sh copies the skill into the gateway workspace, runs npm install (or puppeteer-core only in bundle mode), and uses a node -e snippet to update openclaw.json (adding allowBundled, extraDirs, entries.iaskaster). Installing npm deps (puppeteer-core) is expected for PDF/screenshot features but running an install script that edits global OpenClaw config is invasive and should be reviewed before running.
[!] Credentials
The skill does not declare required env vars in the registry metadata, but the code reads process.env.IASKASTER_API_URL and process.env.IASKASTER_TOKEN_FILE and SKILL.md uses $IASKASTER in commands. The skill creates local token/uid files (.iaskaster-token, .iaskaster-uid) and will send Authorization Bearer tokens to the external API—this is expected for a networked service but you should be aware it stores credentials on disk. No unrelated credentials (AWS, etc.) are requested.
[!] Persistence & Privilege
always:false (good). The install script modifies the global openclaw.json to add/load the skill and allow bundled skills and extraDirs; that is persistent and affects the gateway configuration beyond just copying files. The skill also writes token/uid files to disk. These are normal for an installed skill, but they are persistent changes and should be permitted explicitly by the administrator.
What to consider before installing
Before installing:
1) Review index.js to confirm what paths the iaskaster_read tool will allow reading—ensure it cannot read arbitrary sensitive files.
2) Confirm you trust the external domain (https://iaskmaster.cn) because the skill sends user tokens and birth data to it.
3) Understand that running install.sh will copy files into your ~/.openclaw workspace, run npm install (puppeteer-core), and modify openclaw.json (adding allowBundled and load.extraDirs and enabling the skill). If you don't want global config changes, do not run install.sh; instead examine the code and run in a sandbox.
4) Note the SKILL.md references an $IASKASTER variable not declared—ask the author how the runtime path is set or test in a safe environment.
5) Avoid entering real personal phone numbers or sensitive data until you confirm the service and storage policy.

If you want to proceed, inspect the code (index.js) for exact file-read and network behaviors and consider running it within a restricted account or container.
index.js:2: Environment variable access combined with network send.
[!] index.js:2: File read combined with network send (possible exfiltration).
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.

Like a lobster shell, security has layers — review code before you run it.

latestvk97fmg7dkfxr7bsnp76r01jc21841z6g
