ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

valuescan-monitor-skill

v1.0.2

ValueScan后台实时监控Skill。订阅Stream推送(大盘分析/代币信号),将数据持久化写入本地文件,可选飞书机器人通知。

0· 31·0 current·0 all-time
byValueScan-ai@valuescan-io
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
CryptoRequires sensitive credentials
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description, SKILL.md, and the included scripts consistently implement a realtime SSE monitor for ValueScan that writes events to disk and optionally posts to a Feishu webhook — that capability is coherent with the stated purpose. However, registry metadata (no required env vars, 'instruction-only' claim) contradicts SKILL.md which declares required API Key/Secret and dependency runtimes; the package claims to be instruction-only but includes runnable code (Python/TS/JS). These packaging inconsistencies should be resolved.
Instruction Scope
Runtime instructions are narrowly scoped to: collect APIKey/Secret, create ~/.vs-monitor/config.json, start/stop background monitor processes (PID files), write event data to user-specified outputDir, and optionally POST to a configured Feishu webhook. This matches the skill purpose. Two points to note: (1) the agent is instructed to start/kill processes and write files under the user's home — this requires shell access and can affect local processes if PID files are tampered with; (2) credentials are explicitly written to disk in plaintext per SKILL.md.
Install Mechanism
There is no automated install spec (no archive download or package installation), which reduces supply-chain risk, but the SKILL.md and scripts require Python and Node dependencies (pip packages and npm deps) to be installed manually. The presence of multiple language implementations (py/ts/js) is benign but worth noting — the skill ships runnable code even though registry metadata suggested instruction-only.
!
Credentials
Requesting an API Key and Secret is appropriate for subscribing to ValueScan streams. However: (1) SKILL.md/ scripts will store those credentials in plaintext at ~/.vs-monitor/config.json (explicitly noted) — this is a material risk and increases credential exposure; (2) registry metadata did not declare required credentials, an inventory mismatch that could lead to unexpected disclosure; (3) writing to arbitrary outputDir and allowing a webhook URL lets data leave the host if a webhook is configured or maliciously changed.
Persistence & Privilege
Skill does not request always:true or system-wide privileges. It manages its own files under ~/.vs-monitor and writes PID files for the monitor processes. The skill can be invoked autonomously (platform default), which combined with stored credentials would increase blast radius — exercise usual caution, but this is not an unusual privilege level for a monitoring skill.
What to consider before installing
Before installing, verify the skill source and consider the following: (1) packaging mismatch — the registry claims no credentials but SKILL.md and scripts require API Key + Secret; confirm this is expected. (2) Credentials will be stored in plaintext at ~/.vs-monitor/config.json — avoid using high-privilege or long-lived keys, and restrict file permissions (chmod 600) or run the monitor in a container/VM. (3) The skill starts/kills background processes based on PID files — do not run as root and ensure PID files point to the intended processes. (4) Only configure the optional Feishu webhook if you trust the destination (it will receive message contents). (5) Inspect the provided scripts yourself (they are included) and consider running them in an isolated environment. If these issues are acceptable and provenance is verified, the code appears to implement the described monitoring behavior; otherwise do not install.
!
script/monitor.ts:184
File read combined with network send (possible exfiltration).
About static analysis
These patterns were detected by automated regex scanning. They may be normal for skills that integrate with external APIs. Check the VirusTotal and OpenClaw results above for context-aware analysis.

Like a lobster shell, security has layers — review code before you run it.

latestvk970dvsr04g0ge8rd2y0atnhex84vsrm

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments