Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Pipaclaw Skills Hub

v0.2.1

Front door for Pipaclaw public skills. Route users to the right skill for presentations, social account operations, and promotional video production without...

by eric@xexojay
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The name/description (a routing front door) align with the included SKILL.md files and many reference docs describing routing rules and per-skill behavior. However the package contains multiple shell scripts under promo-video-maker/scripts/*.sh and a PUBLISHING.md that references local CLI tooling and a token-based login flow. The hub's public-package contract says helper scripts may be present only if they are thin public wrappers; presence of non-trivial scripts is proportionally unexpected for a documentation-first public hub and warrants manual review to confirm they are indeed thin wrappers and not backend logic or hidden network clients.
Instruction Scope
The hub SKILL.md itself is narrowly scoped: route requests to ppt-maker, social-account-ops, or promo-video-maker and expose only public-safe packages. The social-account-ops and ppt-maker SKILLs instruct agents to perform 'research' on live platform links (resolve short links, read homepages, read note bodies) which implies fetching external web content; this behavior is coherent with the skill purpose but expands the runtime surface (network fetches of user-supplied links). There are no instructions in the hub SKILL.md to access local secrets, but some repository docs (PUBLISHING.md) include local paths and commands intended for human maintainers — ensure the agent will not run those scripts or commands automatically.
Install Mechanism
No install spec is declared (instruction-only), which lowers risk. But the repo contains executable shell scripts (bootstrap.sh, encode-file.sh, quote.sh, poll-task.sh, hub-api.sh). Because there is no install step declared, these files won't be auto-downloaded/installed by the platform, but a runtime agent or human operator could execute them. Without the scripts' contents provided here, it's impossible to rule out hidden network endpoints, credentials, or sensitive operations. Manual inspection of these scripts is recommended.
Credentials
The skill declares no required environment variables, no primary credential, and no required config paths — consistent with a routing/documentation front door. Some docs mention using a 'token' for publishing (PUBLISHING.md) and a local proxy (127.0.0.1:7890) for maintainers; these are operational details for maintainers and not declared runtime requirements. This is proportionate, but double-check any shell scripts for hard-coded credentials or implicit credential use (e.g., references to CLASHX, clawhub tokens).
Persistence & Privilege
The skill does not request persistent privileges (always: false) and does not request to modify other skills or global agent settings. Model invocation is allowed (disable-model-invocation: false), which is normal. There is no install spec that would grant long-lived binaries or services.
What to consider before installing
This hub mostly contains routing rules and extensive reference docs that match its declared purpose, but before installing or allowing autonomous use you should:
1) Review the shell scripts under promo-video-maker/scripts/ (bootstrap.sh, encode-file.sh, quote.sh, poll-task.sh, hub-api.sh) for any hard-coded endpoints, IPs, tokens, or file-system/network actions.
2) Confirm the scripts are thin public wrappers (no secret-handling, no background daemons, no uploads to unknown servers).
3) Note that the social-account-ops and ppt-maker SKILLs instruct live link research (resolving short links and reading pages) — expect the agent to fetch external URLs you provide; avoid sending private credentials or full account access in free-text.
4) Treat PUBLISHING.md as maintainer documentation — do not run its commands or supply tokens to the skill unless you trust the repo owner.
If you can share the contents of the promo-video-maker scripts, I can re-check them for hidden endpoints or suspicious behavior; without that, the presence of executable scripts is the primary unresolved concern.

Like a lobster shell, security has layers — review code before you run it.

latestvk974k5tpnyyt295fm0510w48tx83y5nj
