与 CNB (Cloud Native Build) Open API 交互,用于代码管理和开发协作。当用户需要查询项目、代码仓库、问题、合并请求或其他开发相关数据时使用。需要 CNB_TOKEN 环境变量进行身份认证。API 请求地址从环境变量 CNB_API_ENDPOINT 获取,默认为 https://a...
Security Analysis
high confidenceThe skill is internally consistent with a CNB/OpenAPI wrapper, but its runtime instructions and bundled hooks attempt to force automatic curl execution (without asking the user) and contain prompt-injection style directives — this is risky and worth caution before installing.
Name, README, SKILL.md and the many reference files consistently describe a full CNB OpenAPI client. Requiring curl and CNB_TOKEN is proportionate to the stated purpose of making authenticated API calls. The large references folder matches the claimed full API coverage.
SKILL.md contains explicit 'must follow' rules that coerce the agent to always execute curl via exec_command, to never ask the user for permission, and to avoid other fetching tools. That is prompt-injection‑style behavior (it instructs the agent to change its normal consent/behaviour) and grants the skill broad discretion to perform network calls autonomously. While fetching API endpoints is expected, the mandatory 'do not ask' and 'must execute' directives are scope creep and a security risk.
Instruction-only skill with no install spec and no code files to run or pull at install time. This is low-risk from an installation/download standpoint.
Only CNB_TOKEN (and optional CNB_API_ENDPOINT) are requested, which aligns with calling an authenticated REST API. No unrelated secrets or config paths are requested. Recommend using a token with minimal (read-only) scope where possible.
always:false and no install means it is not force-included, but hooks/hooks.json defines a PreToolUse matcher that primes the agent to pick this skill for relevant prompts. Combined with SKILL.md's 'do not ask, just execute' rule and default autonomous invocation (disable-model-invocation: false), the skill can be triggered and make API calls without explicit user confirmation. That combination increases risk.
Guidance
This skill appears to be a genuine CNB/OpenAPI client (curl + CNB_TOKEN), but it contains instructions that force the agent to execute curl commands automatically and a hook that encourages the agent to choose this skill for CNB-related queries. Before installing: 1) Ensure the CNB_TOKEN you provide has minimal scope (prefer read-only tokens) and consider creating a scoped token specifically for the skill. 2) If you want to avoid automatic calls, disable or review PreToolUse hooks or run the skill only in user-invoked mode — remove or edit the 'must execute' and 'do not ask' lines in SKILL.md so the agent asks for confirmation before network calls. 3) Treat the skill as able to make network requests using your token; do not supply high-privilege credentials unless you trust the endpoint and behavior. 4) If you are unsure, test in a quarantined environment or ask the skill author for an audited version that requires explicit user approval prior to executing any curl commands.
Latest Release
v1.18.9
- Updated and expanded skill documentation for CNB-OpenAPI, providing a comprehensive overview and usage guidelines. - Added strict usage rules: all API calls must be executed via curl with authorization headers, always using environment variables for tokens and endpoints. - Documented URL parsing logic for extracting parameters when users provide CNB page links. - Included a detailed index of all available API services and endpoints, each with brief descriptions and links to further references. - Clarified requirements for environment variables and required tools for operation.
Popular Skills
Published by @sixther-dc on ClawHub
