Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
96push
v1.0.1Remotely control 96Push desktop client to query accounts, create and publish content across multiple social media platforms, and poll publishing results.
⭐ 0· 67·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Suspicious
medium confidencePurpose & Capability
The skill name/description (remote control of 96Push) matches the included script and docs: the CLI wraps requests to api.96.cn to query accounts, create content, publish, and poll results. However the registry metadata does not declare the required PUSH_API_KEY (the script and SKILL.md both require it). The missing metadata entry is an incoherence that reduces transparency.
Instruction Scope
SKILL.md instructs the agent to run the bundled Python script and to request the user's API key (PUSH_API_KEY). It explicitly tells the agent to save a key the user provides to ~/.openclaw/.env. The runtime instructions do not request unrelated system files or other credentials, but they do direct the agent to collect and persist a sensitive secret from the user — this should be done only if the user trusts the skill/source.
Install Mechanism
No install spec; this is instruction-only plus a bundled Python script. Nothing is downloaded from arbitrary URLs or written by an installer. Risk from install mechanism is low.
Credentials
The script requires a single API key (PUSH_API_KEY), which is proportionate to controlling a 96Push client. The problem: the registry metadata lists no required env vars, so automated permission/visibility is missing. Additionally, SKILL.md encourages the agent to collect the API key from the user and persist it to ~/.openclaw/.env — storing secrets to disk via the agent increases risk if the skill or agent environment is compromised. The skill does not request unrelated credentials, but the omission from metadata and the instruction to save secrets are concerns.
Persistence & Privilege
The skill is not always-enabled and uses default autonomous invocation (normal). It will, however, persist a user-provided API key to ~/.openclaw/.env if the user gives it — writing to the user's home directory is a limited but real persistence action. This combination (autonomy + stored key) expands the blast radius if the key is compromised, so verify trust in the skill/source before providing keys.
What to consider before installing
Before installing: recognize that the script needs a PUSH_API_KEY (the manifest did not declare this) and SKILL.md tells the agent to ask you to paste that key and will save it to ~/.openclaw/.env. Only provide the key if you trust the skill and the unknown owner. Prefer setting PUSH_API_KEY yourself as an environment variable or place it manually in ~/.openclaw/.env instead of pasting it in chat. Verify the domain api.96.cn and that 96Push (push.96.cn) is the legitimate service you intend to use. Consider creating a scoped/revocable API key and revoke it after use or if you stop using the skill. Do not share other secrets; if you are uncomfortable with the agent writing to your home directory, do not install. The main inconsistency is the manifest omission of the required env var and the instruction to persist secrets — that is why this skill is flagged 'suspicious'. If you want higher confidence, ask the publisher for provenance (homepage, owner identity) and for the manifest to explicitly list PUSH_API_KEY as a required credential.Like a lobster shell, security has layers — review code before you run it.
latestvk976xwkb4hrqhva0abtevvrr4h84ztq4
License
MIT-0
Free to use, modify, and redistribute. No attribution required.