ClawHub

生成软著材料

v0.1.2

创建生成软著材料生成任务:传入系统名称与接收邮箱,调用后端 API 创建任务并返回 taskId。 适用于将“创建任务”能力封装成可复用脚本,供自动化/工作流/平台集成调用。

0· 127·0 current·0 all-time
by@ziyiyu
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description claim: create a task by calling a backend API. The included Python script does exactly that (POST /api/tasks with systemName and notifyEmail). No unrelated credentials, binaries, or install steps are required.
Instruction Scope
SKILL.md instructs running the provided Python script with system-name, notify-email, and optional access-token. It does not document the network destination, but the script posts to a single remote host (http://softcraft.cloud). The instructions stay within the stated purpose but omit an explicit warning that data (including any access token) is sent to that remote service.
Install Mechanism
No install spec — instruction-only with a small included script. Nothing is downloaded or written to disk by an installer; risk from install mechanism is minimal.
Credentials
No required environment variables or credentials are declared. The script accepts an optional access token via CLI argument only. The requested inputs (system name, email, optional token) are proportionate to the described functionality.
Persistence & Privilege
Skill is not always-included, does not modify other skills or system settings, and has no persistent/background components. It merely performs a one-time network request when run.
Assessment
This skill appears to do exactly what it says: POST a JSON payload (system name and notify email) to a backend and print the response. Before installing or using it, review and consider the following: 1) The script posts to http://softcraft.cloud (HTTP, not HTTPS) — data and any access_token passed will be transmitted in plaintext and could be intercepted; prefer HTTPS or change the endpoint to a trusted TLS-enabled host. 2) Confirm the destination (softcraft.cloud) is the service you intend to use and that you trust its privacy/security practices. 3) If you need to supply secret tokens, avoid passing them on command line if possible (command-line args can be visible to other local users); consider modifying the script to read a token from a secure environment variable or credential store and to use HTTPS. 4) If you need stronger assurance, run the script in an isolated environment or inspect network traffic to verify what is sent/returned. Overall the skill is internally coherent, but review the endpoint and switch to TLS before sending sensitive data.

Like a lobster shell, security has layers — review code before you run it.

latestvk971c6hfvy90hdbqph9vsxdpxh83xn6e

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments