Security scan
OpenClaw
Suspicious
Medium confidence. The skill mostly implements what it claims (captcha login, daily recommendations, toplists), but the runtime instructions and files reference and persist secrets in a workspace path that was not declared, and a prompt-injection pattern (base64-block) was detected in the SKILL.md. Review before installing.
Assessment recommendations
This skill generally does what it says: it uses an SMS captcha to log in to music.163.com, fetches daily recommendations and public charts, and saves login cookies so you don't have to log in again every time. Before installing: 1) Inspect the included scripts yourself (they're in scripts/) to confirm there are no hidden network endpoints or obfuscated code. 2) Note that the skill will write cookies to /root/.openclaw/workspace/secrets/netease_cookies.json; treat that file as sensitive and ensure only trusted processes...
✓ Purpose and capabilities
The name/description match the included Python clients: sending SMS captcha, logging in, fetching personalized daily recommendations and public toplists. Required dependency (cryptography) and use of music.163.com endpoints align with the stated purpose. No unrelated external services or credentials are requested.
⚠ Instruction scope
SKILL.md instructs running scripts from /root/.openclaw/workspace and the code reads/writes /root/.openclaw/workspace/secrets/netease_cookies.json to persist login cookies. The manifest declared no required config paths, so the instructions reference a secrets path that wasn't declared — this is an inconsistency. Also the static scan flagged a 'base64-block' pattern in SKILL.md (possible prompt-injection payload); the visible SKILL.md is mostly benign, but the presence of a base64-like block in the doc should be inspected manually.
✓ Installation mechanism
There is no install spec (instruction-only), and the only installation instruction is 'pip3 install cryptography' which is proportional to the included Python code that uses cryptography primitives. No arbitrary remote downloads or extract steps are present in the package.
ℹ Credential requirements
The skill requests no environment variables or external credentials. It does require the user to provide a phone number and SMS code at runtime (expected). However, it persists cookies to a secrets file under the workspace; these cookies are authentication tokens and should be treated as sensitive. The manifest did not declare this config path, so confirm you are comfortable with the skill storing tokens in the workspace/secrets location.
✓ Persistence and permissions
The manifest sets always:false with normal autonomous invocation settings. The skill persists login cookies to a workspace secrets file (expected for login flows) but does not request elevated platform privileges or modify other skills. Persisting cookies is normal for this feature, but it increases the attack surface if the workspace/secrets directory is accessible to other components.
Security is layered; review the code before running it.
Runtime dependencies
No special dependencies
Version
latest v1.0.0 2026/2/19
Initial publish from local workspace
● Suspicious
Install command
Official: npx clawhub@latest install netease-music-pusher
Mirror (accelerated): npx clawhub@latest install netease-music-pusher --registry https://cn.longxiaskill.com