Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Treehole

v1.1.0

PKU Treehole (北大树洞) anonymous forum CLI tool built in Rust. Use this skill when working on the treehole crate, debugging treehole commands, adding features t...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability (flagged)
The name, description and SKILL.md consistently describe a PKU Treehole CLI helper; that purpose is coherent. However, the manifest declares no required environment variables or config paths, while the SKILL.md explicitly documents reading credentials from the OS keyring, reading an SMS code from the PKU_SMS_CODE environment variable, and persisting sessions under ~/.config/info/treehole/. Requirements that the instructions use but the manifest does not declare are an inconsistency.
Instruction Scope (flagged)
The SKILL.md instructs agents to perform auth flows (IAAA SSO, JWT callback), to auto-login using credentials from the OS keyring or the environment, and to persist and read session data from a home-directory path. Those are legitimate for a CLI client, but they involve accessing sensitive local secrets (keyring entries, session tokens) and an SMS code env var; the instructions therefore reach beyond read-only help text and could lead an agent to use or transmit secrets.
Install Mechanism
This is an instruction-only skill with no install spec and no code files, so nothing is written to disk by an installer step — lowest install risk.
Credentials (flagged)
Although the manifest lists no required environment variables or config paths, the SKILL.md expects PKU_SMS_CODE and credential resolution from the OS keyring (falling back to the environment). Requesting or using those secrets is reasonable for login functionality, but the skill should have declared them. Undeclared access to the keyring and session files reduces transparency and is disproportionate to what the metadata advertises.
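The inconsistency flagged above (instructions that reach for an env var, a home-directory path and the OS keyring while the manifest declares none of them) is something you can check mechanically before installing any skill. The script below is an added example, not ClawHub or OpenClaw code: the manifest field names requires.env and requires.config_paths are assumptions, and both the manifest and the SKILL.md excerpt are constructed to mirror the scan findings. It pulls env-var-shaped identifiers, home-relative paths and secret-store keywords out of the SKILL.md text and reports whatever the manifest did not declare.

```python
"""Check a skill's declared requirements against what its SKILL.md actually uses.

Added example, not ClawHub or OpenClaw code. The manifest field names
("requires.env", "requires.config_paths") are assumptions; the sample
manifest and SKILL.md excerpt are constructed to mirror the findings above.
"""
import re

# Constructed manifest: declares no env vars and no config paths, like the flagged skill.
MANIFEST = {
    "name": "treehole",
    "version": "1.1.0",
    "requires": {"env": [], "config_paths": []},   # assumed field names
}

# Constructed SKILL.md excerpt reflecting the documented behaviour.
SKILL_MD = """
## Authentication
Run `treehole login` to complete IAAA SSO. If an SMS code is required,
set `PKU_SMS_CODE` in the environment before running the command.
Credentials are resolved from the OS keyring first, then from env.
Sessions (JWT) are persisted to `~/.config/info/treehole/session.json`.
"""

# SCREAMING_SNAKE identifiers with at least one underscore: env-var shaped names.
ENV_RE = re.compile(r"\b[A-Z][A-Z0-9]{2,}(?:_[A-Z0-9]+)+\b")
# Home-relative paths, the usual place CLI tools persist state.
PATH_RE = re.compile(r"(?:~|\$HOME)/[\w./-]+")
SECRET_STORE_WORDS = ("keyring", "keychain", "credential manager", "secret service")


def extract_requirements(skill_md: str) -> dict:
    """What the instructions reach for: env vars, home paths, OS secret stores."""
    text = skill_md.lower()
    return {
        "env": sorted(set(ENV_RE.findall(skill_md))),
        "config_paths": sorted(set(PATH_RE.findall(skill_md))),
        "secret_stores": [w for w in SECRET_STORE_WORDS if w in text],
    }


def undeclared(manifest: dict, skill_md: str) -> dict:
    """Requirements the SKILL.md uses that the manifest does not declare."""
    used = extract_requirements(skill_md)
    declared = manifest.get("requires", {})
    declared_env = set(declared.get("env", []))
    declared_dirs = [d.rstrip("/") for d in declared.get("config_paths", [])]

    def covered(path: str) -> bool:
        # A path is declared if it is, or sits under, a declared path.
        return any(path == d or path.startswith(d + "/") for d in declared_dirs)

    return {
        "env": [e for e in used["env"] if e not in declared_env],
        "config_paths": [p for p in used["config_paths"] if not covered(p)],
        # Keyring access has no manifest field here, so any mention is reported.
        "secret_stores": used["secret_stores"],
    }


if __name__ == "__main__":
    print(undeclared(MANIFEST, SKILL_MD))
```

Against the constructed inputs this reports PKU_SMS_CODE, the session path and "keyring" as undeclared; with a manifest that declares PKU_SMS_CODE and ~/.config/info/treehole/ the env and path findings go away. The regexes are deliberately loose (any SCREAMING_SNAKE word, any ~/ path): for a pre-install triage you want false positives you can dismiss by reading, not silent misses.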
Persistence & Privilege
Per the docs, the CLI persists session state (JWT/session tokens) to ~/.config/info/treehole/. That behaviour is expected for a CLI client, and the skill is not configured as always:true. Still, persisted tokens are sensitive: verify how they are stored and how to revoke them if needed.
What to consider before installing
This skill appears to be a helper for the Treehole CLI, but its runtime instructions expect access to local credentials (OS keyring), a PKU_SMS_CODE env var, and session files even though the skill metadata declares none. Before installing or enabling it:
1) Confirm the skill's source and inspect the actual code or repo (the package lists no homepage/source).
2) Do not set PKU_SMS_CODE as a persistent global environment variable; prefer ephemeral use if you must test.
3) Be cautious about allowing any agent to read your OS keyring or session files; run in a sandboxed account or VM if possible.
4) Verify how session tokens are stored and how to revoke them (or delete ~/.config/info/treehole/) after use.
5) If you rely on this for course/schedule answers, consider cross-checking with other official sources.
If the publisher can provide the crate repository or a signed release, that would materially increase confidence.
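Step 4 above, "verify how session tokens are stored and how to revoke them", is concrete enough to script. The following is an added example, not the treehole crate's code: the directory ~/.config/info/treehole/ comes from the scan, but the file name session.json and the {"token": "<jwt>"} layout are assumptions, and the walk-through in demo() runs against a scratch directory with a constructed token rather than your real config. It reports each file's permission bits, decodes any JWT it finds without verifying the signature (to read alg, sub and exp, never to accept it), and then deletes the local files, which is all local revocation can do; the server-side session lives until it expires or is revoked there.

```python
"""Inspect and clean up persisted treehole session files.

Added example, not the treehole crate's code. The directory
~/.config/info/treehole/ comes from the scan above; the file name
session.json and its {"token": "<jwt>"} shape are assumptions. The JWT is
parsed WITHOUT signature verification: the aim is to see what is stored,
how it is protected and when it expires, never to accept the token.
"""
import base64
import json
import os
import stat
import tempfile
import time
from pathlib import Path

SESSION_DIR = Path("~/.config/info/treehole").expanduser()


def b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def b64url_encode_json(d: dict) -> str:
    return base64.urlsafe_b64encode(json.dumps(d).encode()).rstrip(b"=").decode()


def jwt_claims(token: str) -> tuple:
    """Return (header, payload) of a JWS compact token without verifying it."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a JWS compact serialization")
    return json.loads(b64url_decode(parts[0])), json.loads(b64url_decode(parts[1]))


def inspect_session_dir(session_dir: Path = SESSION_DIR, now: float = None) -> list:
    """One finding per file: permission bits and, if it holds a JWT, alg/sub/expiry."""
    now = time.time() if now is None else now
    findings = []
    if not session_dir.is_dir():
        return findings
    for p in sorted(session_dir.iterdir()):
        if not p.is_file():
            continue
        mode = stat.S_IMODE(p.stat().st_mode)
        item = {
            "file": p.name,
            "mode": oct(mode),
            # Token files should be 0600; any group/world read bit is a finding.
            "group_or_world_readable": bool(mode & 0o044),
        }
        try:
            data = json.loads(p.read_text())
            token = data.get("token") if isinstance(data, dict) else None
            if token:
                hdr, claims = jwt_claims(token)
                item["alg"] = hdr.get("alg")
                item["sub"] = claims.get("sub")
                exp = claims.get("exp")
                item["expired"] = exp is not None and exp < now
        except ValueError:  # covers JSONDecodeError and malformed base64
            item["note"] = "not JSON or not a JWT"
        findings.append(item)
    return findings


def revoke_local_session(session_dir: Path = SESSION_DIR) -> list:
    """Delete persisted session files. Local cleanup only: the server-side
    session remains valid until it expires or is revoked on the server."""
    removed = []
    if session_dir.is_dir():
        for p in session_dir.iterdir():
            if p.is_file():
                p.unlink()
                removed.append(p.name)
    return sorted(removed)


def make_demo_token(exp: int) -> str:
    """Constructed sample token for the walk-through; the signature part is a dummy."""
    header = b64url_encode_json({"alg": "HS256", "typ": "JWT"})
    payload = b64url_encode_json({"sub": "demo-user", "exp": exp})
    return f"{header}.{payload}.not-a-real-signature"


def demo(base_dir: str = None) -> tuple:
    """Write a world-readable, expired session into a scratch dir, inspect it, revoke it."""
    base = Path(base_dir) if base_dir else Path(tempfile.mkdtemp())
    sdir = base / "treehole"
    sdir.mkdir(parents=True, exist_ok=True)
    f = sdir / "session.json"
    f.write_text(json.dumps({"token": make_demo_token(exp=1_700_000_000)}))
    os.chmod(f, 0o644)                      # the bad case: readable by everyone
    before = inspect_session_dir(sdir, now=1_800_000_000)
    removed = revoke_local_session(sdir)
    after = inspect_session_dir(sdir)
    return before, removed, after


if __name__ == "__main__":
    print(inspect_session_dir())  # the real directory, if it exists
```

Run it as-is to list what the real directory holds (nothing is modified unless you call revoke_local_session yourself). If a file shows group_or_world_readable, fix the mode before anything else; if the token is not expired after you have finished testing, deleting the file is not enough and you should log out through the service so the server-side session is invalidated too.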
