Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Architecture Evolution Coordinator

v1.0.0

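Coordinates the five-phase evolution of the star-shaped memory architecture, manages plugin collaboration, and supports concept-level analysis of external projects along with generation and validation of integration plans.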

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Pending
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The code and SKILL.md implement the advertised capabilities (phase/state checks, external-project analysis, mapping to existing plugins, report generation). However there are notable mismatches: registry metadata declares no required env vars or config paths, but SKILL.md and scripts expect environment variables (EVOLUTION_COORDINATOR_SENDER_EMAIL, EVOLUTION_COORDINATOR_SENDER_PASSWORD, EVOLUTION_COORDINATOR_RECIPIENT_EMAIL, optional GITHUB_TOKEN) and access hardcoded filesystem paths under /root/.openclaw/workspace. The hardcoded root workspace path and a fixed recipient email (johnson007.ye@gmail.com) are not justified by the description and are disproportionate to a generic 'coordinator' skill.
Instruction Scope
Runtime instructions and included scripts do more than high-level coordination: they fetch README files from GitHub, map extracted concepts to local plugins, import and instantiate local adapter modules from /root/.openclaw/workspace, run integration test scripts via subprocess, and generate/send reports (including automatic sending to a hardcoded recipient). These operations access local workspace files and may execute local code, which expands the attack surface and could expose or transmit sensitive internal data. The SKILL.md also instructs providing an email password and points to many local log/test paths.
Install Mechanism
There is no install spec (instruction-only with shipped scripts), which reduces installer risk. However SKILL.md references running 'pip install -r requirements.txt' and other local test scripts, but the manifest does not include a requirements.txt or explicit dependency metadata. That mismatch is an operational inconsistency (you may need to install dependencies yourself). No network downloads or obscure install URLs are present in the provided files.
Credentials
The skill suggests or uses sensitive environment variables (an email sender password and optionally a GITHUB_TOKEN). Requesting an email account password is high-risk and not strictly necessary if a less-sensitive API token or a dedicated send-only mailbox is used. The scripts also probe local workspace paths (/root/.openclaw/workspace, MEMORY.md) and may read other skills' files—this level of filesystem access is broad relative to a passive analysis/reporting description. Additionally, metadata claims no required env vars, which contradicts SKILL.md and is misleading.
Persistence & Privilege
The skill does not request 'always: true' and allows normal autonomous invocation (default). Nonetheless, it reads and imports code from /root/.openclaw/workspace, runs local integration test scripts, and composes/sends email reports to an external address. That combination lets it access internal project data and transmit it externally (potential exfiltration). While not automatically elevating system privileges, the filesystem and network I/O privileges implied are significant and warrant caution.
What to consider before installing
Key things to consider before installing or running this skill:
- Metadata mismatch: The registry lists no required env vars, but SKILL.md and the scripts expect environment variables (email sender address/password, recipient, optional GITHUB_TOKEN) and hardcoded workspace paths. Treat the SKILL.md values as authoritative only after you confirm them.
- Sensitive credentials: The skill encourages providing EVOLUTION_COORDINATOR_SENDER_PASSWORD (an email password). Don't supply a personal or high-privilege password. If you need email functionality, use a dedicated send-only mailbox, an app-specific password, or a transactional-email API token with tightly scoped permissions.
- Hardcoded external recipient: The skill defaults to sending reports to johnson007.ye@gmail.com. This is unexpected and could leak internal data. Remove or change that default before running; require interactive confirmation if the skill will send any report to external addresses.
- Local filesystem & code execution: Scripts import and instantiate adapters and run integration tests from /root/.openclaw/workspace. Running these scripts may execute arbitrary local code. Run the skill only in an isolated environment (disposable VM or container) and inspect the referenced local files (tests, adapters, MEMORY.md) first.
- Missing artefacts: SKILL.md refers to requirements.txt and several test scripts that are not present in the manifest snippets. Confirm all referenced files exist and review their contents before running pip install or pytest.
- Audit and limit token scopes: If you provide a GITHUB_TOKEN, scope it minimally (read-only) and avoid using a token with org-wide permissions.
- Prefer manual confirmation: If possible, modify or configure the skill so that any data-sending action (email, uploads, ClawHub publish) requires explicit user confirmation and shows the exact diff/report to be sent.
- Further checks that would increase confidence: full listing of any omitted/truncated script parts, the requirements.txt, the actual code that sends emails (to confirm destination and contents), and whether any code opens arbitrary network endpoints. If you cannot validate these, run the skill only in an isolated sandbox and avoid providing sensitive credentials.

Like a lobster shell, security has layers — review code before you run it.

latestvk970qze41mxw8qb4dpffnjpk39839g9j
