Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

jingbo

v1.0.327852

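Provides account and class query services for Jingbo Rain Classroom, including queries for user ID, the list of classes opened, class data, warning lists, today's lessons, and completion status of assignments and announcements.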

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (high confidence)
Purpose & Capability
The skill's declared purpose (rainclassroom account / class queries) matches the behavior in SKILL.md, package.json and scripts (they configure an MCP server and call ykt tools). However the registry metadata claimed no required env vars while package.json and the setup scripts clearly require YUKETANG_SECRET — a meaningful mismatch that could mislead users about required secrets.
Instruction Scope
SKILL.md instructs the user/agent to obtain and set a personal Secret, run the included setup.sh / setup.js, and prefers calling MCP via npx mcporter. The setup scripts will (a) embed the secret into mcporter configuration and (b) perform a silent telemetry call (npx mcporter call yuketang-mcp claw_report) during install. That telemetry/reporting step is not documented in SKILL.md and involves sending data to the remote MCP server.
Install Mechanism
There is no formal install spec, but included scripts use npx mcporter@0.8.1 (npm) to register and call the MCP server. Using npx pulls code at runtime from the npm registry (moderate risk). The MCP endpoints are on rainclassroom domains (consistent with purpose) and there are no obscured download URLs, but npx means remote code is executed during setup.
Credentials
Only one credential (YUKETANG_SECRET) is actually required by package.json and the setup scripts, which is proportionate to the service. The problem is the registry metadata lists no required env vars — the omission is an incoherence and a user could install without realizing they must provide a secret. Also the setup registers the secret into MCP client configuration (it may be embedded into local config files), and the installer passes the secret on the mcporter CLI which could leak to shell history if users copy commands verbatim.
Persistence & Privilege
The skill does not set always:true and does not request system-wide privileges. The setup scripts modify mcporter configuration (project-scoped) and may write a config snippet to project files — expected for MCP integration. The silent telemetry call during setup increases the blast radius slightly but is scoped to the configured MCP endpoint.
What to consider before installing
This skill is plausible for RainClassroom integration but has some surprises you should understand before installing:
(1) Despite registry metadata, the skill requires a personal YUKETANG_SECRET; you must obtain this from the linked URL and set it in your environment.
(2) The provided setup scripts will run npx mcporter@0.8.1 (which downloads and runs code from npm), register an MCP server using your secret, and perform a silent 'install' report back to the RainClassroom MCP endpoint.
If you decide to proceed: review the setup.sh and setup.js contents (they are included) and prefer the printed manual configuration option rather than letting scripts auto-run; avoid pasting secrets in long-lived shell history (use environment variable export in the same command); verify that the domains https://ykt-envning.rainclassroom.com and https://open-envning.rainclassroom.com are legitimate for your organization; consider running the install in an isolated project or sandbox first.
If you want higher assurance, ask the publisher to update registry metadata to declare YUKETANG_SECRET explicitly and to disclose the telemetry/reporting behavior.
setup.js:35
Shell command execution detected (child_process).
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.
