Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Vipshop Promotion Search (唯品会活动搜索)
Version v1.0.5. A promotion lookup skill for Vipshop (vip.com). It is triggered when the user wants information about Vipshop's current or upcoming promotions, including but not limited to: searching for promotions, browsing flash sales, asking whether anything is on sale, information on big promotion events (419, 618, Singles' Day (双11), anniversary sale, Double 12), brand-specific flash sale events, limited-time flash deals, what is discounted today, which brands are running promotions, and when a promotion ends. It returns structured information such as the promotion name, promotion dates, participating brands, and promotion links...
⭐ 0 · 140 · 0 current · 0 all-time
by vip@viphgta
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan (OpenClaw): Suspicious, medium confidence

Purpose & Capability
The code and SKILL.md align with the stated purpose: querying the vip.com promotion API and summarizing the results. Requiring a login cookie and reading ~/.vipshop-user-login/tokens.json is consistent with calling an authenticated API. However, the skill also mandates automatic installation and invocation of a different skill (vipshop-user-login), which is more than a simple declared dependency and deserves scrutiny.
Instruction Scope
SKILL.md requires the agent to detect the login state automatically and, if the user is not logged in, to install and invoke vipshop-user-login without asking the user, either via 'clawhub install' or by executing a sibling script ('../vipshop-user-login/scripts/vip_login.py --blocking'). That grants the agent authority to change the set of installed skills and to execute code outside the skill's own directory: scope creep for what is otherwise a read-only query skill.
Install Mechanism
The registry has no formal install spec for this skill, but the instructions tell the agent to run 'clawhub install vipshop-user-login' or to execute a script by relative path. Installing through clawhub may be legitimate, but this implicit install of another skill is undeclared, and executing a relative path that starts with '../' runs code from outside the package, which elevates the risk.
Credentials
The manifest requests no environment variables or secrets. The code reads one local token file (~/.vipshop-user-login/tokens.json) to obtain the cookies used for vip.com API requests, which is proportional to what authenticated requests need. Nothing in the code sends those tokens to any other endpoint.
Persistence & Privilege
Although the skill declares always:false and no persistent privileges, SKILL.md explicitly instructs the agent to install another skill, invoke it, and execute its login script. That modifies the agent environment (a new skill is installed and its code runs) and widens the blast radius; automatic installation or invocation without explicit user consent is a privileged action and should be treated as such.
What to consider before installing
This skill's code matches its purpose: it reads a local tokens.json, calls the vip.com API, and formats the results. The red flag is the runtime requirement to install and invoke a separate vipshop-user-login skill automatically (via 'clawhub install' or by running '../vipshop-user-login/scripts/vip_login.py') and to proceed without explicit user consent. Before installing or enabling this skill, consider:
1) Require explicit user permission before any automatic install or execution of other skills.
2) Inspect the vipshop-user-login skill's code and confirm its provenance (the clawhub registry source).
3) Do not let the agent run relative-path scripts outside the skill directory unless you trust the source.
4) To limit risk, run the login step manually and place a verified tokens.json at ~/.vipshop-user-login/tokens.json so the skill only performs read-only queries.
5) If you must allow auto-login, review and verify the vipshop-user-login installer and its runtime behavior first.
Like a lobster shell, security has layers — review code before you run it.
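The Instruction Scope and Install Mechanism findings, and points 1 and 3 of the checklist, can be checked statically before a skill is enabled. The following Python script is an added example, not code from this skill, from the vipshop-user-login skill, or from ClawHub's scanner: it scans a SKILL.md for instructions that install another skill, reference a script path that resolves outside the skill's own directory, or read a credential file under the home directory. The sample SKILL.md text and the skill directory /skills/vipshop-activity-search are constructed for the example; only the three quoted command and path strings come from the scan report above, and the regular expressions are a heuristic for the patterns the report describes.

```python
"""Static pre-install audit of an agent skill's SKILL.md (added example).

Flags the three patterns the scan report above describes:
  * instructions to install another skill with `clawhub install`
  * script paths that resolve outside the skill's own directory ('../...')
  * reads of credential files under the user's home directory
"""
import posixpath
import re

# Constructed sample, NOT the real SKILL.md of the skill on this page. Only the
# three quoted command/path strings are taken from the scan report.
SAMPLE_SKILL_MD = """\
# vipshop-activity-search (hypothetical skill name)
1. Detect login state by reading ~/.vipshop-user-login/tokens.json.
2. If not logged in, run `clawhub install vipshop-user-login`
   or execute `../vipshop-user-login/scripts/vip_login.py --blocking`.
3. Query the promotion API with the cookie and summarize the results.
"""

# `clawhub install <skill>`: an undeclared dependency on another skill.
INSTALL_RE = re.compile(r"\bclawhub\s+install\s+([\w.-]+)")
# Relative script paths starting with './' or '../' and ending in a script extension.
SCRIPT_RE = re.compile(r"(?<![\w/])(\.{1,2}/[\w./-]+\.(?:py|sh|js))")
# Any file under the home directory (token stores, cookie jars, ...); must end
# on a word character so sentence-ending punctuation is not captured.
HOME_FILE_RE = re.compile(r"~/[\w./-]*\w")


def resolves_outside(skill_dir: str, rel_path: str) -> bool:
    """True if rel_path, resolved against skill_dir, escapes skill_dir.

    Pure string normalisation via posixpath, so it needs no files on disk and
    collapses '..' segments before comparing.
    """
    base = posixpath.normpath(skill_dir)
    target = posixpath.normpath(posixpath.join(base, rel_path))
    return posixpath.commonpath([base, target]) != base


def audit_skill_md(text: str, skill_dir: str) -> list:
    """Return (finding_kind, evidence) pairs for the patterns above."""
    findings = []
    for m in INSTALL_RE.finditer(text):
        findings.append(("installs_other_skill", m.group(1)))
    for m in SCRIPT_RE.finditer(text):
        path = m.group(1)
        if resolves_outside(skill_dir, path):
            findings.append(("script_outside_skill_dir", path))
    for m in HOME_FILE_RE.finditer(text):
        findings.append(("reads_home_file", m.group(0)))
    return findings


def requires_consent(findings) -> bool:
    """Checklist point 1: installing or running code outside the skill must not
    happen without an explicit user decision. Reading a local token file alone
    does not trigger this (it is proportional for an authenticated API)."""
    return any(kind in ("installs_other_skill", "script_outside_skill_dir")
               for kind, _ in findings)


if __name__ == "__main__":
    # The skill directory path is an assumption for the example.
    found = audit_skill_md(SAMPLE_SKILL_MD, "/skills/vipshop-activity-search")
    for kind, evidence in found:
        print(f"{kind}: {evidence}")
    if requires_consent(found):
        print("=> ask the user before enabling: the skill installs or runs code outside itself")
```

Run it against the skill directory before enabling the skill; a `script_outside_skill_dir` or `installs_other_skill` finding is exactly the behaviour the scan flags, while a lone `reads_home_file` finding is the proportional token read described under Credentials.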
latest: vk978xnrj1gg80nhdbcjanzjppn84jp9a
