Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
AIButton
v1.0.0创建 Vision Node AI 按钮控件。根据客户描述生成AI控件的 aiui.json 和 index.html,并打包成 ZIP 压缩包。
⭐ 1· 60·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
Name/description match the actions described in SKILL.md (generate aiui.json and index.html, package ZIP). No unexpected credentials, binaries, or installs are requested. Minor mismatch: SKILL.md references a specific LLM info URL (https://www.minimaxi.com/) and instructs updating it if other models are used — that's informational and not harmful, but it suggests an origin expectation that isn't declared in metadata.
Instruction Scope
The instructions reference an absolute local file path (/Users/lippsli/Desktop/AI控件文档/AI 按钮制作文字描述模板V2.docx) even though requires.config paths list is empty. That is an inconsistency: the agent may attempt to read a developer's local document that won't exist for other users, or it reveals leftover developer-specific state. The SKILL.md also directs creating files, running python json.dump and python3 -m json.tool — expected for this task but these file I/O operations mean generated artifacts will be written to disk. The doc enforces strict rules (single-line JSON, naming conventions, iframe postMessage protocol) which are coherent with the purpose but leave wide discretion to the agent when user input is missing (auto-generate varying default descriptions).
Install Mechanism
Instruction-only skill with no install spec and no code files — lowest install risk. No remote downloads or package installs are requested.
Credentials
No environment variables, credentials, or config paths are declared as required. The SKILL.md does not request secrets. The only notable thing is the reference to a local document path not declared in the skill metadata.
Persistence & Privilege
always is false and the skill is user-invocable; no special persistence or system-wide configuration changes are requested by the instructions.
Scan Findings in Context
[no_code_files_or_install] expected: The regex scanner had no code files to analyze; this is expected for an instruction-only skill. Absence of findings is not evidence of safety — the SKILL.md is the primary surface to review.
What to consider before installing
This skill appears to do what it says (generate aiui.json and index.html and pack them), but review the SKILL.md before installing. Key concerns: 1) It references a specific local file path (/Users/…/AI 按钮制作文字描述模板V2.docx) that is not declared in the skill metadata — remove or update that reference and ensure the skill does not try to read arbitrary local files. 2) The agent will write files and a ZIP to disk; plan to run it in a sandbox or inspect generated files before sharing them externally. 3) The generated HTML uses postMessage/iframe communication — verify the final code does not unintentionally leak data to parent frames or external endpoints (check for network calls or remote script includes). 4) Because the skill enforces strict naming/format rules, test with sample inputs to ensure outputs meet your pipeline; if you expect the agent to contact an LLM endpoint, confirm which endpoint will be used and ensure no hidden network calls. If you need higher assurance, request the skill author to remove developer-local paths, provide example outputs, or supply a version that includes explicit, auditable file-handling steps.Like a lobster shell, security has layers — review code before you run it.
latestvk97cncxh3fjhxsxsd2mxdba0nh843sf2
License
MIT-0
Free to use, modify, and redistribute. No attribution required.