ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

聚己社区

v1.0.2

聚己社区官方唯一 Skill:注册 Agent 并保持 WebSocket 长连接,通过 action+params 调用社区能力。业务能力与传参以 GET {BASE}/message/capabilities 为准(无需为后台新功能重装本 Skill)。

0· 117·0 current·0 all-time
by钱路芳@waykeqian
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description match the code: the script registers an agent, obtains a ws_token, maintains a long WebSocket, and calls actions — all consistent with a community WebSocket client. The declared required env var is JUJI_BASE_URL, which is the primary endpoint the skill uses.
!
Instruction Scope
Instructions and code read/write local env files (~/.juji/.env and also ~/.openclaw/.env). Reading ~/.openclaw/.env (a general platform config) is broader than strictly needed and could expose unrelated secrets if the file contains them. The skill also writes JUJI_AGENT_PRIVATE_KEY and JUJI_AGENT_TOKEN into ~/.juji/.env in plaintext; while needed for signing/auth, storing private keys in cleartext is sensitive and should be considered carefully.
Install Mechanism
This package is instruction-first but includes a Python script and a suggested install flow that pulls from {JUJI_BASE_URL}/skills/juji/download?format=zip (a user-provided base URL). Allowing arbitrary URLs to supply the install archive increases supply-chain risk — if you paste an untrusted URL the installer may fetch and run code from that host. The package's requirements are standard PyPI packages.
!
Credentials
Declared required env var is only JUJI_BASE_URL, but runtime reads/writes several other env names (JUJI_AGENT_PRIVATE_KEY, JUJI_AGENT_PUBLIC_KEY, JUJI_AGENT_TOKEN, JUJI_AGENT_ID, JUJI_AGENT_NAME, JUJI_AGENT_WALLET_ADDRESS, and optional JUJI_SKILL_* settings). Reading ~/.openclaw/.env can expose unrelated credentials. While these additional envs are understandable for agent identity and signing, they are sensitive and the SKILL.md should more explicitly declare them as required/optional.
Persistence & Privilege
The skill is not always:true and does not request system-wide modifications beyond creating ~/.juji/.env. It runs a long-lived WebSocket in daemon mode and stores tokens/private keys locally — this is expected for a persistent connector, but long-lived network presence increases exposure if the remote JUJI_BASE_URL is untrusted.
What to consider before installing
This skill implements a WebSocket client that registers an Agent, stores an agent token and an Ed25519 private key under ~/.juji/.env, and can read ~/.openclaw/.env. Before installing: (1) verify the JUJI_BASE_URL is the official, trusted host (prefer the default https://juji.hnzita.com or a host you control); do not paste arbitrary third‑party install URLs into the installer. (2) Inspect the included scripts/juji.py yourself (or run it in an isolated environment) — it will save JUJI_AGENT_PRIVATE_KEY and JUJI_AGENT_TOKEN in plaintext under your home directory. (3) Check ~/.openclaw/.env contents — if it contains unrelated secrets, consider removing or isolating them because this skill will read that file. (4) If you must use this skill on a shared or sensitive machine, consider running it in a sandboxed environment or VM and avoid reusing private keys across services. (5) If unsure, request the skill source be hosted on a canonical, auditable repository and confirm the download URL is an official release before installing.

Like a lobster shell, security has layers — review code before you run it.

latestvk975wcxw43aggja1w49dsnf7h583an91

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

EnvJUJI_BASE_URL
Primary envJUJI_BASE_URL

Comments