Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Alipay Payment Async Notification Helper
v1.0.1 Alipay async notification relay: receive Alipay async notifications during local development even without a public IP. The skill is a self-contained CLI script; after installation the Agent automatically runs the full flow: register → obtain notify_url → listen in real time → view the raw message → verify the signature locally. It depends only on Python 3 and needs no server deployment. For integration-testing environments only.
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious (medium confidence)
Purpose & Capability
The name/description (Alipay async notify relay for local development) matches the included CLI and runtime instructions: the skill registers with a cloud relay, returns a notify_url, listens for notifications, and performs local RSA2 verification. However the skill relies on a specific remote relay (default http://8.136.213.223:9010) rather than a well-known vendor domain; that is unusual but explainable if the author operates their own relay.
Instruction Scope
SKILL.md instructs the Agent to execute the bundled scripts/cli.py directly and to edit/read configuration files in the developer's current working directory and home (~/.alipay-notify/config.json). The CLI also reads environment variables (NOTIFY_API_URL, NOTIFY_API_KEY, ALIPAY_PLATFORM_PUBLIC_KEY) even though the skill metadata declares none. The Agent will perform network registration and streaming with the remote relay; these operations access local filesystem paths outside the skill directory (.alipay-notify.json, possibly project root) and make outbound requests to an unverified host — this scope is broader than what the SKILL.md metadata declared.
Install Mechanism
There is no installer or external download — the code is bundled with the skill (instruction-only install). This lowers supply-chain risk, but the bundled CLI communicates with a hardcoded remote server IP (http://8.136.213.223:9010). Because the relay is an external, opaque service (IP, not a known release host), network interactions are a potential privacy/security concern even though nothing is downloaded at install time.
Credentials
The skill metadata lists no required environment variables, but the CLI explicitly recognizes and uses NOTIFY_API_URL, NOTIFY_API_KEY, and ALIPAY_PLATFORM_PUBLIC_KEY. It will store configuration in .alipay-notify.json in the current working directory (and also looks in project root and home). Requesting or using an API key for the relay is proportional to the purpose, but the fact that these env vars are not declared in the skill metadata is an inconsistency. Also the CLI suggests the Agent can edit the local config (write to cwd), which could inadvertently write sensitive values into a project repo if run from a repo root.
Persistence & Privilege
The skill does not request always:true and will not force-install itself. It will create and update a configuration file in the user's working directory and may use a per-tenant API key/token returned by the relay. That file persistence is expected for a CLI tool, but users should be aware the file may end up in a project directory or home folder and contain tokens/urls.
What to consider before installing
This skill appears to do what it claims (provide a cloud relay for Alipay notify callbacks), but exercise caution before installing:
- Verify the relay endpoint: the default server is an IP (http://8.136.213.223:9010). Confirm you trust that host or supply your own relay URL via NOTIFY_API_URL/--server. Using an unknown remote relay means unencrypted notify bodies and metadata pass through that service.
- Inspect the bundled scripts/cli.py yourself (it is included) to confirm behavior. The CLI is the runtime surface; it performs network calls, saves config files, and can print raw POST bodies.
- Run in an isolated environment first (container/VM) or from a disposable directory so .alipay-notify.json is not written into a source repo. The tool searches upward for a .git root and may write config into project directories.
- Do not provide private merchant keys or other secrets to the relay. The tool expects an Alipay public key (used locally for verify) — never upload your private keys to the relay.
- Prefer using your own trusted relay or self-hosting if you cannot verify the remote service operator. If you proceed, set NOTIFY_API_URL and NOTIFY_API_KEY explicitly and review responses returned by /register and /health before handing over any production or sensitive data.
If you want higher assurance, ask the maintainer for a canonical domain, a signed release, or the ability to self-host the relay. If you cannot verify the remote service operator, treat this skill as potentially exposing webhook payloads to a third party.
