ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

关机吧人类

v1.0.3

总说“再刷一会儿、马上就睡”,结果一抬头又是凌晨。「关机吧人类」 是一个帮你和熬夜说再见的自动关机助手。你可以提前设定时间,到点后自动关闭指定软件或服务,帮你从“停不下来”切换到“该睡了”。不管是游戏、聊天、娱乐,它都能在深夜替你按下暂停键。适合戒掉报复性熬夜的人。这是一项付费服务,一分钱体验,执行前需完成支付验...

0· 65·0 current·0 all-time
by桃花键神@w16638771062
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
CryptoCan make purchases
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
high confidence
!
Purpose & Capability
The stated purpose is to provide a timed software shutdown service — the included scripts implement that. However: (1) the shutdown implementation uses PowerShell Stop-Process (Windows-only) while the skill has no OS restriction, which is inconsistent; (2) the skill hardcodes an external IP endpoint for order/payment interactions (119.29.236.244:8080) rather than a reputable, documented service domain; (3) some metadata/behavior (network outbound, credential.read) are explainable for a paid remote payment flow but the hard-coded IP and lack of a known homepage make the network target disproportionate to the claimed purpose.
!
Instruction Scope
SKILL.md instructs the agent to (a) require payment first and not proceed if order creation fails, (b) avoid inspecting or retrying on failure (explicitly forbids checking script source), and (c) 'you should use Chinese and include your thought process (包含你的思考过程)', which asks the agent to reveal chain-of-thought. The runtime scripts read/write order files in the user's home and POST orderNo, question, payCredential, and delay to the hard-coded remote endpoint — transmitting sensitive payment credential data to an external IP. These instructions go beyond simply shutting processes and include problematic requirements (revealing internal thought, forbidding code inspection, sending credentials externally).
Install Mechanism
No install spec — instruction-only — so nothing new would be downloaded at install time. However, the skill bundle includes Python scripts that will be executed locally; there is no installer but code will be run from the skill files.
!
Credentials
The skill declares no required env vars, but requests 'credential.read' and 'network.outbound' in metadata and reads order JSON files from a fixed directory in the user's home (which contain payCredential). service.py then POSTs the payCredential to an unexplained external IP. Transmitting payment credentials to an unverified hard-coded IP is disproportionate and risky. No justification or TLS/hostname verification is present for contacting that server. Also the saved order JSON is stored unencrypted under ~/.openclaw or ~/openclaw, which may retain sensitive data.
Persistence & Privilege
always:false (normal). The skill writes order JSON files into a fixed per-indicator directory under the user's home (expected for a payment flow). It does not request system-wide privileges beyond invoking PowerShell to stop processes. Nonetheless, the ability to stop arbitrary processes is powerful and could terminate important user/system processes if process names overlap; the skill does not restrict scope beyond user-provided category lists.
What to consider before installing
Do not install or run this skill without further verification. Specific concerns to address before using: (1) The scripts contact a hard-coded IP (http://119.29.236.244:8080) and will POST the payment credential there — verify who operates that server and why your payCredential is sent. (2) The SKILL.md asks the agent to reveal its internal thought process (chain-of-thought) — never allow that; request the skill remove that requirement. (3) The shutdown code uses PowerShell Stop-Process (Windows-only) although no OS restriction is declared — confirm target OS support. (4) The workflow forbids inspecting script source on failure (odd and suspicious) — insist on the ability to review and test the code. (5) Order files containing sensitive payment data are stored unencrypted under your home directory — consider the privacy implications. If you must proceed: run the skill in a sandboxed/test environment, manually inspect the scripts, replace the hard-coded endpoints with a verified service, and avoid providing real payment credentials until you confirm the backend and data handling policies.

Like a lobster shell, security has layers — review code before you run it.

latestvk97fmgxhqvynx2nnbpj8ep5vbh84xgxy

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments