Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
CPA Manager
v1.1.0
CLIProxyAPI (CPA) operations tool. Based on the official cpa-warden; used for inventory scanning, 401/quota cleanup, upload, pool replenishment and local state tracking.
⭐ 0 · 33 · 0 current · 0 all-time
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan (OpenClaw): Suspicious, medium confidence
Purpose & Capability
The skill's name and description (CPA Manager, based on cpa-warden) align with the included scripts and SKILL.md: they scan inventory, probe for 401/quota, upload auth files, and perform maintenance. However, the manifest declares no required environment variables or credentials, while the shipped scripts accept or require a management token and base URL (CPA_TOKEN / CPA_BASE_URL, or config.json). That mismatch between metadata and actual requirements is unexpected and should be corrected or confirmed.
Instruction Scope
The runtime instructions (SKILL.md) are consistent with the scripts' intended operations (scan, maintain, upload, delete_401, reenable_quota) and document the local files created. But SKILL.md does not disclose that the main script contains a hardcoded WHAM_USAGE_URL (https://chatgpt.com/backend-api/wham/usage). This implies the code may make outbound requests to an external domain beyond the target CPA management API; the docs do not mention such external telemetry or probing. Any behavior that might contact third-party endpoints while using user credentials should be explicitly documented and audited.
Install Mechanism
There is no install spec (instruction-only install), so nothing is automatically downloaded or installed by the platform. The package contains Python scripts that must be executed directly, so the install surface is small. Still, running those scripts executes code included in the package, so the contents should be reviewed before execution.
Credentials
Requesting a CPA management token and base URL is proportionate to the stated purpose. However, the skill metadata lists no required env vars while the scripts rely on CPA_TOKEN / CPA_BASE_URL or a config.json containing the management token, which is an information mismatch. More importantly, the cpa_warden.py constant WHAM_USAGE_URL points to chatgpt.com; if the probe logic uses the target account's credentials to call that endpoint (or any third-party endpoint), tokens or account-identifying data could be exposed. The presence of that hardcoded external URL is unexpected and not justified in the docs.
Persistence & Privilege
The skill does not request elevated platform privileges, and its manifest sets always:false. It does write local state files (SQLite and JSON) as part of normal operation; those are expected and documented. The package does not appear to modify other skills or global agent configs.
What to consider before installing
Before running this skill with real credentials:
1) Treat the manifest mismatch seriously: the package expects a management token (CPA_TOKEN/CPA_BASE_URL) or config.json even though the metadata lists none.
2) Inspect cpa_warden.py around the WHAM_USAGE_URL and any code that performs probes: verify which external endpoints are contacted and whether any account tokens or sensitive payloads are sent there.
3) Run the tools in an isolated/test environment first (no production credentials) and monitor network traffic (e.g., with tcpdump or a proxy) to ensure requests only go to your CPA service.
4) Prefer a config.json that points to internal network addresses, and do not provide tokens to unknown third-party endpoints.
5) If you cannot audit the code, prefer the upstream official cpa-warden repository (validate checksums and commit history) or ask the author to explain and remove any unexpected external calls.
These steps will reduce the risk of accidental credential exposure.
latest: vk97f4yk71jz3gembfjhd39yx9s83zmnh
