Is airclear/tc-protohub safe?
https://clawhub.ai/airclear/tc-protohub
This skill provides legitimate functionality for managing prototypes on the ProtoHub platform through file uploads and API interactions. The code is straightforward and transparent about its purpose, with no evidence of malicious behavior or hidden functionality. While it contains executable code and makes external network connections, these are appropriate for its stated function.
Category Scores
Findings (4)
MEDIUM Executable Python script present -15 ▶
The skill contains a Python script that performs file operations, ZIP creation, and HTTP requests to external APIs. While the functionality appears legitimate for prototype management, it represents executable code that could be modified or misused.
LOW External network connections -10 ▶
The skill makes HTTPS connections to external servers for API communication. These appear to be legitimate connections to ProtoHub API endpoints, but represent potential data transmission paths.
LOW Potential for directory upload misuse -15 ▶
The skill uploads user-specified directories to configured servers. If environment variables are compromised or users are socially engineered, sensitive directories could be uploaded to attacker-controlled servers.
INFO Mixed language documentation -5 ▶
The skill documentation contains both Chinese and English text, which could potentially be used to confuse users about the skill's actual functionality, though the content appears consistent and legitimate.