uos-cve-checker

这是一个用于检查 UOS（统信操作系统）系统 CVE 漏洞的技能。当用户需要检查特定漏洞是否影响 UOS 系统，或者需要获取漏洞修复信息和补丁下载链接时，应自动调用此技能。

This skill appears to do what it claims: query UnionTech's security advisory site and optionally download patch packages, then write results to cve_info.csv and architecture subfolders in the current directory. Before installing or running: 1) Review the full cve_checker.py source yourself (or in a sandbox) to confirm there are no hidden behaviors — the provided file is truncated in the report so double-check the complete file. 2) Run the script from a non-sensitive directory and as a non-privileged user to avoid accidental overwriting or unintended installs. 3) Be aware it will perform network requests to https://src.uniontech.com and may download binary patches — ensure you have sufficient disk space and bandwidth. 4) Inspect downloaded patches before installing them on production machines. 5) If you need higher assurance, run the script in an isolated environment (container or VM) and verify its HTTP calls and downloaded artifacts.

Type: OpenClaw Skill Name: uos-cve-checker Version: 1.0.0 The skill is a legitimate security utility designed to check UOS (UnionTech OS) systems for vulnerabilities by querying the official vendor security portal (src.uniontech.com). The script `cve_checker.py` parses CVE, CNNVD, and CNVD identifiers from a user-provided file, retrieves patch information via API, and optionally downloads deb/bin packages to local architecture-specific directories. No evidence of data exfiltration, malicious execution, or deceptive prompt injection was found.