Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Hetu Lyrics Blessing

v1.0.2

A daily lyrics blessing skill that sends a random Hetu (河图) song lyric to a designated recipient every day at 23:00. Lyrics are fetched from Baidu Baike usin...

0 · 299 · 0 current · 0 all-time
by Yuqiao Tan (@trae1oung)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (high confidence)
Purpose & Capability (flagged)
The skill's purpose (a daily email of lyrics) matches the code: it fetches pages with an automated browser and sends mail via SMTP. However, the package metadata declares no required binaries or env vars, while SKILL.md instructs installing a global npm tool (agent-browser) and configuring SMTP. This mismatch is incoherent: a legitimate skill would declare the agent-browser dependency and require SMTP credentials (ideally via env vars) rather than leave them implicit.
Instruction Scope (flagged)
SKILL.md instructs installing and using agent-browser to fetch exact lyrics, and editing send_lyrics.py to add SMTP credentials and a cron entry. The runtime instructions and the script explicitly invoke agent-browser to fetch the full page text and then extract the lyrics, which is within scope. The problem: the instructions tell you to supply credentials, yet the distributed script already contains functioning, hard-coded SMTP credentials and a fixed recipient, which is unexpected and risky.
Install Mechanism
There is no install spec in the registry (instruction-only), but SKILL.md requires installing agent-browser globally via npm (npm install -g). Installing a global npm package is a standard action, but it pulls code from the network at install time, and that step is not declared in the metadata. The skill does not download arbitrary archives or use obscure URLs, so install risk is moderate, but the dependency should be declared.
Credentials (flagged)
The skill requests no environment variables in metadata, yet the script contains hard-coded SMTP credentials (SMTP_EMAIL, SMTP_PASSWORD) and a fixed recipient address. This is a significant mismatch: a mail-sending skill should require SMTP credentials (and preferably read them from env vars) rather than shipping working secrets. Hard-coded credentials in published code are a red flag for misconfiguration, credential leakage, or abuse.
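An added pre-install check, not part of the ClawHub scan or of the skill itself: it parses a Python skill script with the standard library's ast module, flags credential-like names that are assigned string literals, and lists the environment variables the script reads so they can be compared with what the metadata declares. The sample script below is constructed to mirror the pattern the scan describes (SMTP_EMAIL, SMTP_PASSWORD and a fixed recipient as literals); the name patterns and the declared-env-var list are assumptions, since the actual send_lyrics.py is not shown on this page.

```python
"""Pre-install audit for a Python skill script (added example, not the skill's code):
flag credential-like names assigned string literals, and list environment reads
so they can be checked against the env vars the skill metadata declares."""
import ast
import re
from typing import Dict, List

# Assumed set of names that must come from the environment, never from a literal.
CREDENTIAL_NAME = re.compile(
    r"(PASSWORD|PASSWD|SECRET|TOKEN|API_KEY|SMTP_EMAIL|RECIPIENT)", re.IGNORECASE
)

# Constructed sample in the shape the scan describes; the values are placeholders.
SAMPLE_SKILL_SCRIPT = '''
import os, smtplib
SMTP_HOST = "smtp.example.com"
SMTP_EMAIL = "sender@example.com"        # literal where os.environ["SMTP_EMAIL"] belongs
SMTP_PASSWORD = "example-password"       # literal: treat as compromised
RECIPIENT = "someone@example.com"        # fixed recipient
SMTP_PORT = int(os.environ.get("SMTP_PORT", "587"))
'''


def _is_environ(node: ast.AST) -> bool:
    """True for the expression `os.environ`."""
    return (isinstance(node, ast.Attribute) and node.attr == "environ"
            and isinstance(node.value, ast.Name) and node.value.id == "os")


def find_hardcoded_credentials(source: str) -> List[Dict[str, object]]:
    """One finding per assignment of a non-empty string literal to a credential-like
    name, at any nesting level. Reads from os.environ / os.getenv are not flagged."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, (ast.Assign, ast.AnnAssign)):
            continue
        targets = node.targets if isinstance(node, ast.Assign) else [node.target]
        value = node.value
        if not (isinstance(value, ast.Constant) and isinstance(value.value, str) and value.value):
            continue
        for target in targets:
            if isinstance(target, ast.Name) and CREDENTIAL_NAME.search(target.id):
                findings.append({"name": target.id, "line": node.lineno})
    return findings


def find_env_reads(source: str) -> List[str]:
    """Environment variable names read via os.environ["X"], os.environ.get("X") or os.getenv("X")."""
    names = set()
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Subscript) and _is_environ(node.value):
            key = node.slice
            if isinstance(key, getattr(ast, "Index", ())):  # Python 3.8 wraps the slice
                key = key.value
            if isinstance(key, ast.Constant) and isinstance(key.value, str):
                names.add(key.value)
        elif isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute):
            func = node.func
            is_getenv = (func.attr == "getenv" and isinstance(func.value, ast.Name)
                         and func.value.id == "os")
            is_environ_get = func.attr == "get" and _is_environ(func.value)
            if (is_getenv or is_environ_get) and node.args:
                first = node.args[0]
                if isinstance(first, ast.Constant) and isinstance(first.value, str):
                    names.add(first.value)
    return sorted(names)


def audit_skill(script: str, declared_env: List[str]) -> Dict[str, object]:
    """Combine the literal-credential findings with a metadata consistency check:
    every env var the script reads should appear in the metadata's declared list."""
    env_reads = find_env_reads(script)
    return {
        "hardcoded": find_hardcoded_credentials(script),
        "env_reads": env_reads,
        "undeclared_env": sorted(set(env_reads) - set(declared_env)),
    }


if __name__ == "__main__":
    # The scan's metadata says no env vars are declared, so pass an empty list.
    for key, value in audit_skill(SAMPLE_SKILL_SCRIPT, declared_env=[]).items():
        print(f"{key}: {value}")
```

Any non-empty "hardcoded" list is a stop condition: treat the values as leaked, do not run the script with them, and rotate the account. A non-empty "undeclared_env" list is the metadata mismatch the scan describes, and is worth fixing in the skill's manifest before publishing.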
Persistence & Privilege
The skill is not force-installed (always:false) and does not modify other skills or system-wide agent settings. It suggests the user set up a cron job to run the script daily; that is a user action outside the agent and not an elevated platform privilege.
What to consider before installing
Do not run this skill as-is. Specific concerns: (1) The included Python script contains hard-coded SMTP credentials and a fixed recipient — treat these as compromised secrets; do not run with these values. (2) The metadata does not declare the agent-browser dependency or required env vars, so the skill is inconsistent and could behave unexpectedly. Before installing: remove or replace hard-coded credentials, require SMTP config via environment variables or a secure secret store, verify you control the SMTP account and recipient, and rotate any exposed credentials immediately. Also confirm that automated scraping of baike.baidu.com complies with site terms. If you cannot verify the source/owner of this skill or why real credentials are embedded, prefer not to install it.
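The shape the hardened script should take, as an added example rather than the skill's own send_lyrics.py: every secret and the recipient come from environment variables, startup fails closed if any is missing, the error names the variable without echoing a value, and the connection is upgraded with STARTTLS and certificate verification before the password is sent. SMTP_EMAIL and SMTP_PASSWORD are the names the scan mentions; SMTP_HOST, SMTP_PORT, LYRICS_RECIPIENT and the constructed EXAMPLE_ENV are assumptions.

```python
"""Hardened SMTP configuration for a mail-sending skill (added example, not the
skill's send_lyrics.py): no literal credentials, fail closed on missing config."""
import os
import smtplib
import ssl
from dataclasses import dataclass
from email.message import EmailMessage
from typing import Mapping

# SMTP_EMAIL / SMTP_PASSWORD come from the scan; the other names are assumed.
REQUIRED = ("SMTP_HOST", "SMTP_EMAIL", "SMTP_PASSWORD", "LYRICS_RECIPIENT")

# Constructed environment used only for the local demo below; not real credentials.
EXAMPLE_ENV = {
    "SMTP_HOST": "smtp.example.com",
    "SMTP_EMAIL": "sender@example.com",
    "SMTP_PASSWORD": "example-password",
    "LYRICS_RECIPIENT": "recipient@example.com",
}


@dataclass(frozen=True)
class SmtpConfig:
    host: str
    port: int
    email: str
    password: str
    recipient: str


def load_config(env: Mapping[str, str] = os.environ) -> SmtpConfig:
    """Read every setting from the environment. A missing or empty variable aborts
    with a message that names the variable but never includes any value."""
    missing = [name for name in REQUIRED if not env.get(name)]
    if missing:
        raise RuntimeError("missing SMTP configuration: " + ", ".join(missing))
    return SmtpConfig(
        host=env["SMTP_HOST"],
        port=int(env.get("SMTP_PORT", "587")),  # 587 = submission port with STARTTLS
        email=env["SMTP_EMAIL"],
        password=env["SMTP_PASSWORD"],
        recipient=env["LYRICS_RECIPIENT"],
    )


def build_message(cfg: SmtpConfig, lyric: str) -> EmailMessage:
    """Plain-text message to the configured recipient."""
    msg = EmailMessage()
    msg["From"] = cfg.email
    msg["To"] = cfg.recipient
    msg["Subject"] = "Daily Hetu lyric"
    msg.set_content(lyric)
    return msg


def send(cfg: SmtpConfig, msg: EmailMessage) -> None:
    """Verify the server certificate and upgrade to TLS before the password is sent."""
    ctx = ssl.create_default_context()
    with smtplib.SMTP(cfg.host, cfg.port, timeout=30) as server:
        server.starttls(context=ctx)
        server.login(cfg.email, cfg.password)
        server.send_message(msg)


if __name__ == "__main__":
    # Local demo with the constructed environment; does not open a network connection.
    cfg = load_config(EXAMPLE_ENV)
    msg = build_message(cfg, "(lyric fetched by the skill would go here)")
    print(f"From: {msg['From']}  To: {msg['To']}  via {cfg.host}:{cfg.port}")
    # For real use: export the variables in the cron environment and call
    # send(load_config(), build_message(load_config(), lyric)).
```

With this layout the cron entry carries no secrets either: the variables live in the cron user's environment or a secret store, and the script cannot silently fall back to a built-in account.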

Like a lobster shell, security has layers — review code before you run it.

latest · vk97de94tjv68ca4q97969jzw5582212a
