Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Hotel Asset Marketer

v1.0.0

Generate, review, and publish social media content through MCP with AgentAuth and workspace token authentication.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
Requires sensitive credentials · Posts externally
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The skill claims to be an MCP connector for HotelPost with dual-token authentication; that purpose matches the listed mcporter-based tool calls. However, the registry metadata claims no required binaries or env vars, while SKILL.md requires 'mcporter' and 'curl' and specific files/paths (feishu-send at /usr/local/bin). This mismatch between manifest and runtime instructions is a red flag (could be sloppy packaging or a missing manifest), but the requested capabilities themselves (mcporter + workspace token + user token) are coherent with the described functionality.
Instruction Scope
The instructions require writing temporary images to /root/.openclaw/workspace/ and depend on an external helper 'feishu-send' that will read credentials from 'OpenClaw config'. They also say 'Must use mcporter — do NOT use exec/curl', yet elsewhere list 'curl' as required to download images. The skill instructs access to agent MCP configuration to add two tokens (hp_sk_* and uk_*). Requiring root-path write access and external helper binaries broadens the runtime surface and could expose other workspace data. The contradictory guidance about curl (required in one place, forbidden together with exec in another) is also ambiguous and grants the agent unclear discretion.
Install Mechanism
This is an instruction-only skill with no install spec or code files, so nothing will be downloaded or written at install time by the skill itself. That minimizes installation risk. The remaining risk comes from runtime actions (writing to /root/.openclaw/workspace/ and invoking external binaries) rather than an installer.
Credentials
The skill requires dual MCP tokens (a workspace API key hp_sk_* and a per-user AgentAuth token uk_*), which are appropriate for a multi-tenant publishing tool. However, the registry metadata lists no required credentials while SKILL.md mandates placing those tokens into the agent's MCP configuration. The skill also relies on 'feishu-send' which 'automatically reads credentials from OpenClaw config' — that implicit credential access is not enumerated in the manifest and could be used to access other agent credentials if feishu-send's scope is broad. Requiring write access to /root/.openclaw/workspace/ is elevated relative to the stated task and may allow unintended file access.
Persistence & Privilege
The skill is not always-enabled and does not request special platform privileges. It is user-invocable and allows normal autonomous invocation (the platform default). There is no install script or self-modifying behavior described. This dimension does not add new privilege concerns by itself.
What to consider before installing
Before installing or enabling this skill, consider the following:
- Manifest mismatch: The catalog entry claims no required binaries/credentials, but SKILL.md requires mcporter, curl, and tokens placed in the agent MCP config. Confirm with the publisher why the manifest omits these requirements.
- Token handling: You will need to add a workspace API key (hp_sk_*) and a per-user AgentAuth key (uk_*) into your agent MCP server configuration. Ensure you understand where those tokens will be stored and who/what can read them — putting long-lived keys into agent config can be sensitive.
- Filesystem access: The skill insists on writing temporary images to /root/.openclaw/workspace/. That is a privileged path; verify the agent process runs with appropriate user separation and that writing here won't expose other sensitive files. Consider whether a less-privileged workspace path can be used.
- feishu-send behavior: The skill expects a helper at /usr/local/bin/feishu-send that 'automatically reads credentials from OpenClaw config'. Inspect that binary (or ask for its source) to confirm it only reads intended config and doesn't exfiltrate other secrets.
- Contradictions: SKILL.md forbids using curl/exec to call the MCP API but elsewhere lists curl as required for downloading images. Ask the author to clarify the precise runtime flow (are downloads performed by mcporter or by the agent via curl?).
- Test in isolation: If you proceed, test in a non-production environment first, with minimal-scoped tokens, and monitor agent logs and network calls. Rotate keys after testing and prefer short-lived or workspace-scoped keys where possible.

If you want, I can draft specific questions to ask the skill author (e.g., provide the expected agent config file path, the exact mcporter binary version required, and the feishu-send source) or suggest safer alternatives (use a non-root workspace path and confirm feishu-send audit).

Like a lobster shell, security has layers — review code before you run it.

latestvk97618e30z5ahz08vvhtkfhs6184tnvr
