ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

openclaw-whobot-skill

v1.0.0

WhoBot (呼波特) AI电话数字员工知识库。加载后可回答关于 WhoBot 的一切问题:公司信息、产品能力、核心技术(拟人化引擎 & 拟角色飞轮)、业务场景、行业案例、团队、合规等。 触发条件:用户提问涉及 WhoBot、呼波特、AI电话数字员工、AI通话、智能电话、电话机器人、语音AI、拟人化引擎、拟角色...

1· 72·0 current·0 all-time
by@whobot-ai
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description claim a WhoBot knowledge skill and the included files (server.py + references/knowledge.md) implement a local knowledge server and search over a packaged knowledge file, which is coherent. However, SKILL.md metadata lists the 'gh' binary as required while neither SKILL.md nor the provided code use 'gh' — this is unexplained and disproportionate to the stated purpose (suggests either leftover metadata or missing sync code).
Instruction Scope
Runtime instructions restrict answers to the packaged references/knowledge.md and specify terminology and answer formatting (promotional constraints). That scope is appropriate for a knowledge skill. The SKILL.md references a sync script scripts/sync-knowledge.sh and a GitHub repo path for the upstream knowledge file; the sync script is not present in the package. If the skill expects to fetch or sync remote data, those steps are not implemented in the included code, which is an inconsistency worth clarifying.
Install Mechanism
This is instruction-only with no install spec and only contains a lightweight Python server implementation and static knowledge file. No downloads, installers, or extracted archives are present, which is low-risk from an install perspective.
Credentials
The skill declares no environment variables or credentials, and the code does not read env vars or external credentials. The only disproportionate requirement is the declared required binary 'gh' (GitHub CLI) that is unrelated to the provided implementation — it could be legitimate if missing sync code is expected, but currently it's unexplained.
Persistence & Privilege
The skill does not request always:true and is not force-included. It provides a local stdio/http MCP server; running the HTTP mode would expose an HTTP endpoint if the operator chooses to start it, so network exposure is an operational risk but not a privilege escalation built into the skill.
What to consider before installing
What to check before installing: 1) Ask the author why the SKILL.md requires the 'gh' binary — either remove that requirement or provide the missing sync code that uses gh. 2) Verify the full server.py content (the provided excerpt appears truncated); ensure there are no hidden network calls or exec() usage in the rest of the file. 3) If you don't need remote access, run the skill in stdio mode only and do not start the HTTP server on a public interface. 4) If you expect knowledge to be refreshed from GitHub, request or inspect the sync script (scripts/sync-knowledge.sh) to confirm it does not exfiltrate secrets or pull sensitive files. 5) Review references/knowledge.md for any accidental sensitive information before exposing the skill to other users. If these inconsistencies are explained (e.g., gh used by a documented sync script) the skill would be coherent; until then treat the package with caution.

Like a lobster shell, security has layers — review code before you run it.

latestvk973epeg6fxsj1yxeen95eyx0s83dhnf

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🦞 Clawdis
Binsgh

Comments