Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
CEO小茂能力包
v1.8.2
CEO Xiaomao aggregated skill pack. Intended for foreign-trade CEO / business-lead scenarios: coordination and reporting, Google Maps business-contact collection, OneABC model calls, email sending, WhatsApp message sending, and a WhatsApp conversation assistant, with one-click initialization of template files. Suited to anyone who wants to install it and quickly stand up a configurable business workflow.
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
high confidence
Purpose & Capability
The SKILL.md and bundled scripts clearly require mail/WhatsApp/OneABC credentials and CLI/binaries (openclaw, Chrome/chromedriver for selenium) but the registry metadata declares no required environment variables or binaries — this mismatch is unexpected and should be corrected. The requested credentials (MAIL_ACCOUNT, MAIL_CREDENTIAL, GREEN_API_*, ONEABC_ACCESS_CREDENTIAL) do align with the stated capabilities but were not declared in the manifest.
Instruction Scope
Runtime instructions steer the agent to create and read many local files (workspace templates, contact lists, product DB, logs) and to run the included scripts which call external services (WhatsApp via Green API, OneABC API) and spawn a local CLI (openclaw) for AI replies. The instructions are mostly scoped to the stated workflow, but the SKILL.md does not call out the dependency on an 'openclaw' CLI or on selenium/Chrome for Google Maps scraping — the agent will call these without the manifest declaring them.
Install Mechanism
No install spec is present (instruction-only plus bundled scripts), so nothing is automatically downloaded or written during install. Risk from install mechanism is low; however, running the scripts will write files into the chosen workspace and may require installing external packages and binaries (Chrome, chromedriver, Node runtime).
Credentials
Multiple sensitive environment variables are needed by the scripts (email SMTP credentials, WhatsApp/Green API instance and credential, ONEABC access credential). That number and sensitivity are proportionate to the described features, but the skill metadata did not advertise these requirements. Additionally, oneabc.js constructs the Authorization header via concatenation ('Author' + 'ization') — a mild obfuscation that makes automated scanning harder and should be disclosed. Default endpoints (e.g., API_URL default in auto_reply set to 'https://7107.api.greenapi.com' and OneABC default 'https://api.oneabc.org') exist; ensure you understand which external service will receive credentials and messages.
Persistence & Privilege
The skill is not marked always:true and uses normal agent invocation. It creates and manages its own workspace files, logs, and state files in the chosen directory — expected behavior for this kind of assistant. It does not request modifications to other skills or global agent settings.
What to consider before installing
This package appears to implement the features it advertises, but its manifest is incomplete and there are a few implementation details you should verify before use:
- Expect to provide SMTP credentials (MAIL_ACCOUNT / MAIL_CREDENTIAL), WhatsApp/Green API credentials (GREEN_API_URL, GREEN_API_INSTANCE_ID, GREEN_API_CREDENTIAL), and OneABC credentials (ONEABC_ACCESS_CREDENTIAL). Do not supply high-privilege or production credentials without testing in isolation. Consider using accounts with limited scope.
- The scripts call an 'openclaw' CLI and use Selenium (Chrome / chromedriver). The manifest omitted these required binaries — install and test these separately before running auto_reply or get_google_maps_leads.
- oneabc.js uses a default API host (https://api.oneabc.org) and the Python auto-reply has a default GREEN API host; confirm these endpoints are ones you trust. The code concatenates the 'Authorization' header name (evasion-style) — ask the author why that was done and prefer transparent header construction.
- Google Maps scraping via selenium may violate Google’s terms of service in some contexts; review legal/ethics before scraping.
- Run the skill in an isolated workspace or container, review the created files (.known_customers.json, .boss_notifications.json, logs) and the code yourself, and prefer creating test accounts to reduce exposure of primary credentials.
If the publisher can update the registry metadata to declare required env vars and binaries and explain the header-concatenation and default endpoints, the incoherences would be resolved and risk lowered.
scripts/oneabc.js:2
Environment variable access combined with network send.
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.
