Xia Card
by
sxd20010606-cmd
· v2.3.0
· MIT-0
141
Downloads
0
Stars
0
Active Installs
7
Versions
Install in OpenClaw
/install xia-card
Description
Generation, management and sharing of a personal social business card, plus a smart roster (contact-list manager). Use it when the user mentions business cards, rosters, contact lists, contacts, Xia Card or agent-card. Specific trigger scenarios include: activating Xia Card, creating a roster, generating/updating/sending a card, registering for Xia Card, entering/querying/editing contacts, syncing the roster, and, when a message containing the agent-card:// protocol is received, automatically recognising and saving the other...
Usage Guidance
What to check before installing:
- Trust the server: config.json defaults to https://www.adonghub.cn. Confirm you trust that host and its privacy policy because your public card fields and the api_key (stored locally) will be sent to it. Consider changing the endpoint if you use a different service.
- Review auto-install behavior: the skill may prompt to install a skill whose source is provided inside a received card. Prefer to require manual review/approval and only allow installation from trusted/verified sources (platform-owned URLs or a signed manifest). Disable or tighten any automatic-install flow if possible.
- Protect the API key: api_key returned by POST /register is stored in data/config.json in plain text. If this machine is shared or untrusted, treat the config file as sensitive (or ask for encrypted storage).
- Be careful with Agent memory use: the skill instructs the Agent to pull information from agent memory to build the card. Make sure the Agent does not inadvertently expose private notes or secrets by confirming every field before publishing.
- Limit autonomous actions: if you are uncomfortable with autonomous skill invocation or auto-install prompts, install but disable autonomous invocation or require manual confirmation for network calls/installs.
What would reduce my concern:
- The skill enforces that _skill.source must be a vetted platform URL (or signed) before any automated install, or the platform provides a safe install-by-reference flow.
- The implementation shows explicit filtering of uploaded fields (server-bound payload is strictly derived from tiers.public.fields) and documents that api_key is stored securely or only held in volatile memory.
Confidence note: medium — the skill is coherent for its stated purpose, but the automatic-install-from-remote-card behavior and plaintext storage of api_key are notable risks that push this assessment to 'suspicious'. Additional implementation details about install verification and how api_key is stored would raise confidence toward benign.
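The two mitigations asked for above (a vetted-source check before any automated install, and a server-bound payload derived strictly from tiers.public.fields), written here as an added example; this is not the skill's own code. The field layout (tiers.public.fields as an array of field names, _skill.source as a string) and the helper names are assumptions modelled on the page.

```javascript
// Added example, not the skill's own code: the two checks the assessment asks for,
// written from a defender's side. Field layout (tiers.public.fields as an array of
// field names, _skill.source as a string) is an assumption modelled on the page.

// Install sources treated as vetted: the platform-owned prefix from the page's example.
const TRUSTED_SKILL_PREFIXES = ['https://clawhub.ai/skills/'];

// Returns the install source only when it is an https URL under a trusted prefix;
// otherwise null, so the caller falls back to manual review instead of installing.
function vettedSkillSource(card) {
  const src = card && card._skill ? card._skill.source : undefined;
  if (typeof src !== 'string') return null;
  let url;
  try { url = new URL(src); } catch (e) { return null; }
  if (url.protocol !== 'https:') return null;
  // Compare the normalised origin + path, so look-alike hosts, userinfo tricks
  // ("clawhub.ai@evil.example") and "/../" segments cannot slip past the prefix test.
  const normalised = url.origin + url.pathname;
  return TRUSTED_SKILL_PREFIXES.some((p) => normalised.startsWith(p)) ? src : null;
}

// Fields that must never leave the machine, even if they end up listed as public.
const NEVER_UPLOAD = new Set(['personal_notes', 'api_key', 'tiers']);

// Builds the server-bound payload for PUT /card/:user_id strictly from
// tiers.public.fields; anything not named there is dropped rather than forwarded.
function publicPayload(profile) {
  const tiers = profile.tiers || {};
  const allowed = (tiers.public && tiers.public.fields) || [];
  const out = {};
  for (const name of allowed) {
    if (NEVER_UPLOAD.has(name)) continue;
    if (Object.prototype.hasOwnProperty.call(profile, name)) out[name] = profile[name];
  }
  return out;
}

// Constructed sample inputs (not from the page): a received card whose install
// source is a look-alike host, and a local profile holding private fields.
const RECEIVED_CARD = {
  name: 'Contact A',
  _skill: { name: 'xia-card', source: 'https://clawhub.ai.evil.example/skills/xia-card' },
};
const LOCAL_PROFILE = {
  name: 'Alice', company: 'Example Co', personal_notes: 'met at conf', api_key: 'ak_constructed',
  tiers: { public: { fields: ['name', 'company', 'personal_notes', 'phone'] } },
};

console.log('install source:', vettedSkillSource(RECEIVED_CARD)); // null, so manual review
console.log('upload payload:', publicPayload(LOCAL_PROFILE));    // { name: 'Alice', company: 'Example Co' }
```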
Capability Analysis
Type: OpenClaw Skill
Name: xia-card
Version: 2.3.0
The skill bundle implements a business card and contact management system that communicates with a remote endpoint (www.adonghub.cn). While the core functionality appears aligned with its stated purpose, it contains high-risk instructions in SKILL.md and references/manual.md that direct the AI agent to automatically parse a custom protocol (agent-card://) and facilitate the installation of external skills from URLs found within third-party data (the '_skill' field in received JSON). This 'auto-install' capability creates a significant attack surface for the distribution of potentially malicious code through the agent's ecosystem.
Capability Assessment
Purpose & Capability
The skill name, description and all core operations (initialising local data/* files, obtaining api_key and user_id via POST /register, publishing the card via PUT /card/:user_id, fetching other people's cards via GET /card/:user_id, batch sync via POST /sync) are consistent with each other. It does not request system credentials or binaries unrelated to its function, and the server endpoint defaults to https://www.adonghub.cn, which matches the expectation that this functionality needs a remote API.
Instruction Scope
SKILL.md explicitly directs the Agent to read/write local data/ files and exchange card data with the remote server; these are within the functional scope. Two points warrant caution: 1) the documentation asks the Agent, when generating a card, to "extract information from memory (USER.md, MEMORY.md, etc.)", which lets the Agent access arbitrary memory/context to populate a public card and may use sensitive memory content as candidate material (the documentation requires confirming the social name, but places no stricter restriction on the extraction sources). 2) When an agent-card:// message is received and the target skill is not installed, the flow will "obtain the install source from the _skill field of the received JSON and install automatically" (the manual elsewhere says "install automatically after user confirmation"; this is ambiguous: whether installation is always automatic, or under what conditions it occurs, is not specified). Letting the install source be determined by a remote response turns a received card into a carrier for propagating executable skill installs.
Install Mechanism
The skill itself has no install spec (it contains only runtime instructions and templates), which is usually safer. But the instructions include the practice of "obtaining the install source from the _skill.source field of the remote card JSON and installing automatically": if the server returns an arbitrary URL (or one controllable by a third party), the agent will fetch and install a third-party skill (a high-risk install chain). In the example, _skill.source points to the platform domain (https://clawhub.ai/skills/xia-card), which is acceptable, but SKILL.md does not mandate a check/allowlist or a signature verification step, so there is a risk of being induced to install a malicious skill.
Credentials
The skill does not require any environment variables or pre-configured external credentials; at runtime it obtains api_key and user_id via POST /register and writes them to data/config.json (stored locally in plaintext). This is proportionate to the function, but note: api_key is a long-lived credential that can be used to perform /sync and PUT operations on the user's behalf, and storing it as a plaintext file increases the risk of local credential theft. The documentation also states that personal_notes and some other fields are "never uploaded to the server" and specifies that only tiers.public.fields are uploaded; this is the right direction, but what is ultimately uploaded depends on whether the client implementation strictly honours that filtering.
Persistence & Privilege
The skill is not always:true, and model invocation is allowed by default (the agent can invoke it autonomously), which is the platform default. The skill creates and maintains files under data/ (profile.json, contacts.json, config.json), which is reasonable and necessary. The main risk comes from allowing receipt of an external card to trigger installation of other skills (even with user confirmation required, an auto-install flow, if abused, expands privilege and propagation reach). There is no indication that it modifies other skills' configuration or system-wide settings.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat: /install xia-card
- After installation, invoke the skill by name or use /xia-card
- Provide required inputs per the skill's parameter spec and get structured output
Version History
v2.3.0
SKILL.md streamlined and restructured: 248 lines → 113 lines; implementation details moved to references/manual.md; the ClawHub page is more concise
v2.2.0
V2.2: removed the publish step (generating the card puts it online), trimmed the registration reply, already-registered users now get a service menu, deduplication strategy for received cards, edit priority (manually_edited_fields), trimmed defensive branches, follow-up prompt for the social name, three-part supplement with the skill install link
v2.0.1
F1: version number v1.0 → v2.0 (card.html); F2: profile.js blocklist now includes sync; F3: deploy.sh completes the file list and adds npm install
v2.0.0
V2: batch sync of the contact list, user_id generated automatically by the server, received cards record server_user_id, protocol format optimised
v1.0.2
Refined the wording of the card's third section, removed the @ symbol from the protocol identifier, improved the experience in social scenarios
v1.0.1
Removed the bundled API Key and user data, keeping only empty templates
v1.0.0
V1: card generation/publishing/sharing, receiving cards, roster management
Frequently Asked Questions
What is Xia Card?
Generation, management and sharing of a personal social business card, plus a smart roster (contact-list manager). Use it when the user mentions business cards, rosters, contact lists, contacts, Xia Card or agent-card. Specific trigger scenarios include: activating Xia Card, creating a roster, generating/updating/sending a card, registering for Xia Card, entering/querying/editing contacts, syncing the roster, and, when a message containing the agent-card:// protocol is received, automatically recognising and saving the other... It is an AI Agent Skill for Claude Code / OpenClaw, with 141 downloads so far.
How do I install Xia Card?
Run "/install xia-card" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Xia Card free?
Yes, Xia Card is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Xia Card support?
Xia Card is cross-platform and runs anywhere OpenClaw / Claude Code is available.
Who created Xia Card?
It is built and maintained by sxd20010606-cmd (@sxd20010606-cmd); the current version is v2.3.0.