Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Byted Security Llmscanner

v1.0.0

A full-workflow management tool for large language model security assessment. It supports creating and updating model and agent assessment assets, querying available resources, launching compliance assessment tasks, launching security assessment tasks, analyzing assessment results, and the other steps of the end-to-end workflow.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan

VirusTotal: Suspicious
OpenClaw: Benign (medium confidence)
Purpose & Capability
Name/description (LLM security scan manager) match the included scripts (create/update assets, list resources, create/analyze tasks). The scripts call APIs on a configurable host and implement the flows documented in SKILL.md/README.
Instruction Scope
SKILL.md instructs the agent/user to run TypeScript scripts (npx ts-node ...) from the skill directory and to edit scripts/config.ts for API credentials and host. Scripts only interact with the skill's own data directory and the configured API host; they do not appear to read unrelated system files or secrets. Two operational concerns: (1) axios calls use httpsAgent with rejectUnauthorized: false (disables TLS certificate validation), and (2) the README and config instruct storing credentials (username/password or API keys) in a local config.ts file—both are risky operational practices even if coherent with the skill's purpose.
Install Mechanism
Registry metadata lists no install spec, but the package contains package.json and README instructs running npm install and using npx ts-node. This is internally consistent but the lack of an explicit install spec in metadata (while including code and an npm dependency tree) is a minor mismatch to be aware of. Dependencies come from public npm (no opaque external downloads), so standard npm-risk considerations apply.
Credentials
The skill declares no required env vars in metadata, but operation requires configuring the API host, username/password (the README suggests 'password md5值', i.e. the MD5 value of the password), and token/API keys in scripts/config.ts or passed as CLI args. These credentials are directly relevant to the skill's purpose. However, the guidance to store the password as an MD5 value and to keep credentials in a plain config file is insecure and should be handled more carefully.
Persistence & Privilege
The skill is declared always:false and user-invocable; it stores its token and result caches under its own data directory inside the skill workspace (data/token_cache.json etc.). It does not request elevated platform privileges or modify other skills. Autonomous invocation is allowed by platform default but not inherently dangerous here.
Assessment
This skill appears to do what it says (manage LLM/agent security test assets and tasks) but requires you to run Node scripts and to provide API credentials. Before installing/use:

1) Inspect scripts/config.ts and replace placeholders with correct endpoints only on trusted infrastructure; avoid putting real production credentials into a file on a shared machine.
2) Note the code disables TLS certificate verification (httpsAgent rejectUnauthorized: false) — only use that if you trust the target host or run behind a secure network; prefer proper certs.
3) Run npm install and npx ts-node only after reviewing package.json and node_modules; consider installing in an isolated environment/container.
4) Check where token_cache.json and report files will be written (skill data_dir) and who can read them.
5) If you don't want the agent to run the skill autonomously, keep it user-invocable only and avoid enabling automatic invocation.

If you want, I can scan specific files (common.ts and the remaining omitted files) for additional risky patterns or point out exact lines where TLS verification or credential handling occur.
Flagged locations:

scripts/src/common.ts:48: File read combined with network send (possible exfiltration).
scripts/src/create_asset_model.ts:23: File read combined with network send (possible exfiltration).
About static analysis
These patterns were detected by automated regex scanning. They may be normal for skills that integrate with external APIs. Check the VirusTotal and OpenClaw results above for context-aware analysis.

