Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

DataEase

v1.1.0

Query DataEase organizations in natural language, switch organizations, list dashboards or data screens (large-screen visualizations), and export a specified resource as a screenshot or PDF.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal
Benign
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill's name/description (export DataEase dashboards) aligns with the included Python and Node scripts which call DataEase APIs and drive a headless browser. However the registry metadata declares no required environment variables or binaries while SKILL.md and the code clearly expect multiple environment variables (DATAEASE_BASE_URL, DATAEASE_ACCESS_KEY, DATAEASE_SECRET_KEY, DATAEASE_USERNAME, DATAEASE_PASSWORD, DATAEASE_LOGIN_ORIGIN) and external tools (openssl, Python3, Node/Playwright, Chromium). The omission in the manifest is an incoherence that could mislead users or automated installers.
Instruction Scope
SKILL.md instructions are scoped to listing orgs, switching orgs, listing resources, and exporting via a local browser preview; they instruct reading environment variables and .env, building tokens, calling DataEase endpoints, and running local browser capture scripts. The capture script's diagnostics collect page body/app HTML snippets and visible text (used for debugging) which could surface sensitive data from the preview page; while useful for diagnosing render issues, that behavior should be noted as it reads page content beyond just capturing an image/PDF.
Install Mechanism
There is no formal install specification in the registry despite a package.json and README that require npm install, Playwright installation, and Python dependencies. The code relies on native openssl via subprocess and on Playwright/Chromium for headless capture; absence of an install step means an agent or user might run the skill in an environment lacking these components, causing failures or prompting ad-hoc installation actions. Missing install metadata is both a usability and a security concern (unexpected binary usage).
Credentials
The skill needs sensitive configuration (access keys or username/password and base URL) which are proportionate to interacting with DataEase, but the skill manifest did not declare any required environment variables. The code will automatically read a .env in the repository root and will accept either credential method (accessKey+secretKey or username+password) and can consume an existing x-de-token. That the manifest omits these expectations is a coherence problem; users should treat provided secrets as high-value and avoid embedding them in chat messages.
Persistence & Privilege
The skill does not request 'always: true' and does not claim to modify other skills or global agent settings. It writes outputs (saved files) and may create temporary files, which is expected for an export tool. Autonomous invocation is allowed (platform default), so be cautious about giving it live credentials if you plan to let agents call it without supervision.
What to consider before installing
This skill appears to implement what it claims, but there are notable mismatches and runtime behaviors you should consider before installing or letting an agent invoke it autonomously:

- Credentials and .env: The code expects DATAEASE_BASE_URL and either (DATAEASE_ACCESS_KEY + DATAEASE_SECRET_KEY) or (DATAEASE_USERNAME + DATAEASE_PASSWORD) and may read a .env in the repo root. The registry metadata did not declare these; do not paste credentials into chat. Provide credentials only via environment variables or ephemeral tokens and prefer least-privilege tokens.
- Binaries and dependencies: The skill requires Python3, Node.js, Playwright (chromium), and the system openssl binary. There is no install spec, so you must run the README steps (npm install, npx playwright install chromium) manually in a safe environment. If you cannot or do not want to install these, do not enable the skill.
- Data captured: The browser capture collects slices of page text and HTML for diagnostics (bodyText, appHtml) and injects tokens into localStorage to authenticate the preview page. These behaviors are necessary for rendering/export but may expose sensitive content from the preview page; run the skill only in a controlled environment.
- Safest approach: Review the scripts yourself (they are included), run them manually in an isolated environment with ephemeral or scoped credentials, and confirm expected behavior before allowing the agent to invoke the skill autonomously. Request that the skill publisher update the manifest to declare required env vars and required binaries/install steps before trusting automated installation.


