Skill Trust Decision
ai-intelligent-helpdesk
Skill provides only documentation with no actual implementation code; installation instructions reference a non-existent remote repository and nonexistent local files (requirements.txt, app.py), constituting doc-to-code mismatch and potential social engineering.
Most direct threat evidence
01
Skill is distributed as documentation-only package with no code delivery · SKILL.md
02
Installation instructions redirect user to clone unverified external repository delivery · SKILL.md
03
User blindly executes pip install and python app.py from an untrusted third-party repository, gaining full shell access to the environment Impact · SKILL.md
Why this conclusion was reached
1/4 dimensions flagged Pass
Declared vs actual capability
Declared resources and inferred behavior are broadly aligned.
Pass
Hidden execution and egress
No obvious high-risk egress or execution signals were found.
Block
Attack chain and severe findings
The report includes 3 attack-chain steps and 0 severe findings.
Review
Dependencies and supply chain hygiene
Dependency information is incomplete, so supply-chain confidence stays limited.
Attack Chain
01
Skill is distributed as documentation-only package with no code
delivery · SKILL.md:1
02
Installation instructions redirect user to clone unverified external repository
delivery · SKILL.md:31
03
User blindly executes pip install and python app.py from an untrusted third-party repository, gaining full shell access to the environment
Impact · SKILL.md:30
What drove the risk score up
Doc-to-code mismatch +20
SKILL.md describes a full FastAPI application with ticket management, smart dispatching, and knowledge base, but the package contains zero implementation files
Non-existent installation artifacts +15
SKILL.md references pip install -r requirements.txt and python app.py, but neither requirements.txt nor app.py exist in the package
Unverified remote repository +10
Install instruction clones https://github.com/openclaw-skills/ai-intelligent-helpdesk — an unverified external source with no code review possible
Obfuscated authorship +5
skill.json author field 'yang1002378395-cmyk' appears to be an auto-generated or obfuscated identifier with no verifiable identity
Most important evidence
Medium Doc Mismatch
No implementation code present
The package declares a FastAPI-based enterprise helpdesk system but contains only documentation files (SKILL.md, skill.json). No Python source files, no requirements.txt, no app.py — the entire implementation is absent. This makes independent security verification impossible.
SKILL.md:30 Request actual source code before any security assessment. Refuse to install from the remote repository without code review.
Medium Doc Mismatch
Installation points to unverified external repository
The install instructions direct users to `git clone https://github.com/openclaw-skills/ai-intelligent-helpdesk` — a third-party repository that has not been security reviewed. The user is expected to download and execute code from this external source blindly.
SKILL.md:31 Do not clone or execute code from this repository. Insist on a complete, self-contained package with all source code included in the skill bundle.
Low Doc Mismatch
Package metadata mismatch
skill.json has 'author': 'yang1002378395-cmyk' (likely an auto-generated identifier) and 'description': 'AI intelligent ai-intelligent-helpdesk' which is a near-duplicate tautology, suggesting non-professional packaging. Combined with the missing code, this weakens trust in the skill's provenance.
skill.json:3 Verify the identity and reputation of the skill author before use.
Declared capability vs actual capability
No capability matrix was produced.
Suspicious artifacts and egress
No obvious IOC was extracted.
Dependencies and supply chain
There are no structured dependency warnings.
File composition
2 files · 58 lines
Markdown 1 files · 51 linesJSON 1 files · 7 lines
Files of concern · 2
SKILL.md No implementation code present · Installation points to unverified external repository
skill.json Package metadata mismatch
Security positives
No malicious code found — no code exists in this package at all
No sensitive file access observed (no filesystem code present)
No network exfiltration code present (no scripts to analyze)
No credential harvesting logic (no executable code)
No obfuscated payloads (base64, eval, or shell commands)
No supply chain risk via dependencies (no dependency files)