Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
gsdata-data-search
v1.0.2
Automatically parses a natural-language description and calls the GSData project API to search multi-platform news data; supports sentiment analysis and relative time ranges, and returns results in Markdown format.
by @urhd528
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious (medium confidence)
Purpose & Capability
The skill's stated purpose (natural-language -> ES search API, multi-platform news search) matches the code and SKILL.md. However there are inconsistencies: SKILL.md comments mention an API at 192.168.11.79:5000, the code uses http://127.0.0.1:5001/api/es/search, and the registry metadata / changelog versions differ. These mismatches look like sloppy documentation or configuration drift and should be clarified.
Instruction Scope
Runtime instructions and the script limit operations to parsing user text, reading/writing a local config.json, generating a signature, and POSTing JSON to an API endpoint. The skill does persist app_key and token to a local config.json file (in plaintext) — the SKILL.md warns about plaintext storage. The SKILL.md/skill.json mention token-based auth but the call code only includes app-key/sign/timestamp headers (it does not attach an Authorization header), which is inconsistent and worth verifying.
Install Mechanism
This is an instruction-only skill with no package download. requirements.txt only lists 'requests'. No remote installers or archive extraction are used.
Credentials
The skill requires an app_key (and optionally token) to operate but declares no required environment variables; instead it asks the user to save credentials into a local config.json. Storing secrets in plaintext in the skill directory is risky. Also the SKILL.md and code disagree about whether a token/Authorization header is needed. Confirm whether the token is actually required and how it is used before providing secrets.
Persistence & Privilege
The skill does not request always:true and does not modify other skills. It persists its own config.json in its directory (normal for CLI tools), which is a limited privilege but means secrets will remain on disk unless cleared.
What to consider before installing
This skill appears to implement the described ES search functionality, but there are several inconsistencies you should resolve before using it with real credentials:
1) Confirm the actual API endpoint the skill will call. The docs mention 192.168.11.79:5000 while the code posts to 127.0.0.1:5001; understand which service will receive your queries.
2) Understand authentication. The SKILL.md mentions token + HMAC and earlier versions mention removing Authorization; the code sends app-key/sign/timestamp headers but does not add an Authorization header. Ask the author or inspect the full code path to see whether your token will ever be transmitted.
3) Do not store or supply sensitive production secrets until you are comfortable: the tool saves app_key/token in a plaintext config.json in the skill directory. Prefer short-lived or test credentials, or modify the code to read secrets from a secure store or environment variables.
4) Because it posts to localhost by default, run it in an isolated environment and test with non-sensitive inputs to observe where traffic goes.
If you cannot confirm the endpoint and auth behavior, treat the skill as untrusted for production data.
Like a lobster shell, security has layers: review code before you run it.
