Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
PKU Info Common
v1.0.0
Shared library crate (info-common) providing IAAA authentication, OTP, session persistence, credential resolution, and QR rendering for PKU CLI tools. Use th...
by @wjsoj
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
Verdict (OpenClaw): Suspicious, medium confidence
Purpose & Capability
The name and description (shared auth/session/OTP/QR helper for PKU CLI tools) match the SKILL.md content: it documents iaaa, otp, session, credential resolution, and qr modules and how consumers should integrate. The capabilities described are coherent for a shared auth crate.
Instruction Scope
The runtime instructions tell agents to use keyring-backed credential resolution, read/write session files under ~/.config/info/<name>/ (session.json, cookies.json), and to set environment variables (PKU_SMS_CODE) for SMS flow. The skill also tells agents to run consumer CLI commands (info-auth check, <tool> login -p). These instructions go beyond mere documentation — they describe accessing local secrets and on-disk session state, but the skill metadata does not declare those accesses.
Install Mechanism
No install spec or code is included; the skill is instruction-only, so there is no installer that would write or execute code on disk. This is lower installation risk but also means you cannot inspect code until a code release/source is provided.
Credentials
The SKILL.md references environment variables PKU_USERNAME, PKU_PASSWORD, PKU_SMS_CODE and describes using OS keyring backends and session files, but the skill metadata lists no required env vars, no primary credential, and no required config paths. That mismatch is important: the instructions expect access to secrets (env vars, keyring, session files) but the declared requirements do not disclose or justify that access. Requiring or instructing use of SMS codes and keyring is plausible for an auth helper, but it should be declared explicitly and the source reviewed before granting access.
Persistence & Privilege
The skill is not always-enabled and does not request persistent elevated platform privileges. It does instruct use of local session storage and keyring, but it does not itself request to persist in agent configuration or modify other skills. No 'always: true' or other high-privilege flags are present.
What to consider before installing
This SKILL.md appears to document a legitimate PKU auth helper, but it references sensitive resources (OS keyring, ~/.config/info/<tool>/session.json and cookies.json, and env vars like PKU_PASSWORD / PKU_SMS_CODE) while the skill metadata declares none of those requirements and provides no source or homepage. Before installing:
1) Ask the publisher for the source repository or a copy of the crate code so you can verify it does not exfiltrate secrets.
2) Confirm whether your agent/runtime will allow the skill to access the OS keyring and ~/.config paths; if so, consider restricting or auditing those accesses.
3) Do not set PKU_PASSWORD or PKU_SMS_CODE environment variables in a global context until you trust the code.
4) Prefer an explicitly-declared, signed release (or a vendor with a homepage) over an anonymous instruction-only skill.
If the maintainer provides the crate source and explicit required-env/config declarations that match the SKILL.md, my confidence in a benign assessment would increase.
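The core finding above is a mismatch between what the instructions tell an agent to touch (env vars, keyring, session files) and what the metadata declares. The script below is an added example of how to reproduce that check yourself before installing; it is not ClawHub's scanner and not code from the info-common crate. The SKILL.md excerpt is constructed from the accesses the scan report says the real file references, and the metadata field names ("env", "config_paths", "keyring") are assumed for illustration, not ClawHub's actual schema.

```python
"""Compare the secrets and paths a SKILL.md tells an agent to use against
what the skill's metadata declares. Added example, not ClawHub's scanner
and not info-common code; the excerpt and metadata below are constructed,
and the metadata field names are assumptions."""
import re
from typing import Any, Dict, List, Set

# Constructed stand-in for SKILL.md, using only the env vars, paths and
# commands the scan report says the real file references.
SKILL_MD = """
Credential resolution: export PKU_USERNAME and PKU_PASSWORD, or let the
OS keyring backend supply them. For the SMS flow, export PKU_SMS_CODE.
Session state is written to ~/.config/info/<name>/session.json and
~/.config/info/<name>/cookies.json by the session module.
Consumers run `info-auth check` or `<tool> login -p` to refresh a session.
"""

# Constructed metadata mirroring the scan: no env vars, no credential,
# no config paths declared. Field names are assumed, not ClawHub's schema.
METADATA_AS_PUBLISHED: Dict[str, Any] = {"env": [], "config_paths": [], "keyring": False}

ENV_RE = re.compile(r"\b(PKU_[A-Z0-9_]+)\b")       # env vars in the PKU_ namespace
PATH_RE = re.compile(r"~/\.config/[\w<>./-]+")     # ~/.config paths, <name> placeholders allowed
KEYRING_RE = re.compile(r"\bkeyring\b", re.IGNORECASE)

# Substrings that mark an env var as holding a secret rather than an identifier.
SECRET_HINTS = ("PASSWORD", "SECRET", "TOKEN", "CODE", "KEY")


def referenced_accesses(skill_md: str) -> Dict[str, Set[str]]:
    """Everything the instructions tell an agent to read or write."""
    return {
        "env": set(ENV_RE.findall(skill_md)),
        # drop sentence punctuation the path regex would otherwise swallow
        "paths": {p.rstrip(".,;") for p in PATH_RE.findall(skill_md)},
        "keyring": {"os-keyring"} if KEYRING_RE.search(skill_md) else set(),
    }


def undeclared_accesses(skill_md: str, metadata: Dict[str, Any]) -> Dict[str, Set[str]]:
    """Accesses the instructions rely on but the metadata never discloses."""
    refs = referenced_accesses(skill_md)
    declared_keyring = {"os-keyring"} if metadata.get("keyring") else set()
    return {
        "env": refs["env"] - set(metadata.get("env", [])),
        "paths": refs["paths"] - set(metadata.get("config_paths", [])),
        "keyring": refs["keyring"] - declared_keyring,
    }


def findings(skill_md: str, metadata: Dict[str, Any]) -> List[str]:
    """Sorted, human-readable mismatches; an empty list means declarations match."""
    gaps = undeclared_accesses(skill_md, metadata)
    out: List[str] = []
    for var in sorted(gaps["env"]):
        kind = "secret" if any(h in var for h in SECRET_HINTS) else "identifier"
        out.append(f"env {var} ({kind}) referenced but not declared")
    for path in sorted(gaps["paths"]):
        out.append(f"path {path} read/written but not declared")
    if gaps["keyring"]:
        out.append("OS keyring access referenced but not declared")
    return out


if __name__ == "__main__":
    for line in findings(SKILL_MD, METADATA_AS_PUBLISHED) or ["declarations match instructions"]:
        print(line)
```

Run it against the published metadata and every env var, both session paths and the keyring show up as undeclared; feed it metadata that lists them and the findings list is empty. Swap in the real SKILL.md text and whatever requirement fields your runtime exposes to turn it into a pre-install gate rather than a one-off read of the scan.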
Tags: auth, iaaa, latest, pku, rust
