ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

cloud189-storage

v1.0.0

操作天翼云盘,包括:登录获取鉴权Token、智能图片搜索、查询目录、查询文件列表、搜索文件、文件下载。

0· 28·0 current·0 all-time
byCloud189-netdisk@youngcrazy
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description (Cloud189 login, search, list, download) match the included reference documents and the single external API host (https://api.cloud.189.cn). There are no unrelated binaries, env vars, or install steps requested.
Instruction Scope
The SKILL.md plus reference files are explicit about workflows and limit actions to calling Cloud189's unified Skill API. However the docs instruct the agent to have the user copy/paste an OAuth authorization code and to exchange it (and then save the accessToken), which requires the user to disclose sensitive credentials in the conversation. The pre-scan flagged a 'base64-block' pattern in SKILL.md content — likely due to long encoded/example strings in responses but worth attention as a potential prompt-injection indicator.
Install Mechanism
Instruction-only skill with no install spec and no code files: lowest installation risk. Nothing is written to disk or downloaded by the skill package itself.
Credentials
The skill does not request platform environment variables or other unrelated credentials. It legitimately needs the user's Cloud189 accessToken. However the guidance to save accessToken as an environment variable or paste authCode/accessToken into the chat increases the risk of credential leakage; the skill does not enforce secure storage best practices.
Persistence & Privilege
No always:true, no installs, and no modifications of other skills or global agent configuration. The skill is user-invocable only.
Scan Findings in Context
[base64-block] unexpected: The scanner flagged a base64-like block in SKILL.md. This repository is instruction-only and includes long encoded-like strings in example responses; that can trigger such heuristics. Still, treat this as a possible prompt-injection indicator and verify there are no hidden encoded payloads or instructions embedded in files.
What to consider before installing
This skill appears to implement Cloud189 file operations and the included docs are consistent with that purpose, but it requires you to complete an OAuth exchange and (per the docs) paste the authCode or accessToken into the chat and/or save it in your environment. Before using/installing: 1) Do not paste long-lived access tokens or auth codes into public or untrusted chat/history; prefer performing the token exchange locally (browser or your machine) and only provide short-lived/least-privilege credentials if absolutely necessary. 2) Confirm the API host (api.cloud.189.cn) is legitimate for your account and the fixed header value (xkey: e87f4d25953fg) is expected by the service. 3) If you must share tokens for assistance, consider creating a temporary account or revoking the token immediately after use. 4) Because the scanner found a 'base64-block' pattern in the docs, inspect the skill files for any hidden/encoded instructions before granting it access to sensitive data. If you are uncomfortable pasting tokens into the agent, do the OAuth exchange yourself and copy only the minimum data needed (or have the agent guide you without accepting tokens directly).

Like a lobster shell, security has layers — review code before you run it.

latestvk970cv3gykk3s9vwp5yh9b3mr984qgj0

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments