Noodle Create Writing

自媒体文章生成技能 - 根据关键词自动搜索、汇总数据、生成抖音/小红书/微博文章，特别擅长美食（面食）主题

What to check before installing or running this skill: 1) Credential mismatch: SKILL.md asks you to set TAVILY_API_KEY but the registry metadata does not declare any required env vars. Ask the publisher why this is missing, and only supply API keys to code you trust. 2) Command execution risk: search-content.js uses execSync to run a node script in a sibling tavily-search directory and places the user query directly into a shell command string without escaping. That can lead to command injection if the query contains quotes or shell metacharacters. Do not run this on untrusted inputs. Prefer running only after patching to use execFile/spawn with argument arrays or proper escaping. 3) External-skill dependency: the code expects a local ../../tavily-search installation and will execute it. Verify that tavily-search is the official package you expect and inspect its code before allowing execution. If that directory is missing or replaced by an attacker, arbitrary code could run. 4) Prompt-injection indicator: the SKILL.md contains unicode-control-chars which may be an attempt to hide or confuse content. Inspect the raw SKILL.md for hidden characters and sanitize before use. 5) Run in a sandbox: until you audit and/or fix the issues above, run the skill in an isolated environment (container or VM) with no sensitive credentials and limited filesystem/network access. 6) Remediations: (a) add TAVILY_API_KEY to the registry metadata if required; (b) avoid shelling out to sibling skill directories—use a documented API or invoke the tavily-search skill through the platform's official mechanism; (c) fix execSync usage to pass args safely; (d) remove unexpected unicode-control characters from SKILL.md. Given the combination of undocumented credentials, shell execution of sibling code, lack of escaping, and prompt-injection signals, treat this package as suspicious until the above concerns are addressed.

Type: OpenClaw Skill Name: noodle-create-writing Version: 1.0.0 The skill is classified as suspicious due to a shell injection vulnerability found in `scripts/search-content.js`. The `executeTavilySearch` function uses `child_process.execSync` to execute an external `node` command, constructing the command string with user-controlled input (`query` derived from `topic` and `keywords`). Although the `query` is wrapped in double quotes, this is insufficient to prevent shell injection if the user input contains crafted characters (e.g., `" || evil_command #`) that could break out of the quoted string and execute arbitrary commands on the host system. This represents a Remote Code Execution (RCE) risk, which is a critical vulnerability, but without evidence of intentional malicious exploitation, it is classified as suspicious rather than malicious.