中文 EN

Scan Report

Scan New Files

Trusted — Risk Score 5/100
Last scan:1 day ago Rescan
5 /100
qwen-portal-auth-helper
Automate qwen-portal OAuth authentication - solves interactive TTY problem with tmux
Legitimate OpenClaw OAuth automation utility with no malicious indicators - all capabilities align with documented purpose.
Skill Nameqwen-portal-auth-helper
Duration33.4s
Enginepi
Safe to install
This skill is safe for use. Continue standard deployment practices.
ResourceDeclaredInferredStatusEvidence
Shell WRITE WRITE ✓ Aligned index.js:execSync, scripts/*.sh
Filesystem READ/WRITE READ/WRITE ✓ Aligned reset-task-state.py:~/.openclaw/cron/jobs.json
Network READ READ ✓ Aligned get-qwen-oauth-link.sh:openclaw CLI
Skill Invoke YES YES ✓ Aligned SKILL.md:integration documentation
9 findings
🔗
Medium External URL 外部 URL
https://clawhub.com/skills/qwen-portal-auth-helper
PUBLISH_GUIDE.md:229
🔗
Medium External URL 外部 URL
https://img.shields.io/badge/OpenClaw-Skill-blue.svg
README.md:6
🔗
Medium External URL 外部 URL
https://img.shields.io/badge/version-1.0.0-green.svg
README.md:7
🔗
Medium External URL 外部 URL
https://img.shields.io/badge/license-MIT-blue.svg
README.md:8
🔗
Medium External URL 外部 URL
https://img.shields.io/badge/based%20on-2026--03--09%20experience-orange.svg
README.md:9
🔗
Medium External URL 外部 URL
https://chat.qwen.ai/authorize?user_code=M17WU0SC
README.md:48
🔗
Medium External URL 外部 URL
https://chat.qwen.ai/authorize?user_code=XXXXXXX&client=qwen-code
SKILL.md:168
🔗
Medium External URL 外部 URL
https://chat.qwen.ai/authorize?user_code=M17WU0SC&client=qwen-code
examples/quick-recovery.md:37
🔗
Medium External URL 外部 URL
https://chat.qwen.ai/authorize[^
scripts/get-qwen-oauth-link.sh:67

File Tree

10 files · 58.5 KB · 2066 lines
Markdown 4f · 980L Shell 2f · 557L JavaScript 1f · 346L JSON 2f · 104L Python 1f · 79L
├─ 📁 examples
│ └─ 📝 quick-recovery.md Markdown 171L · 4.5 KB
├─ 📁 scripts
│ ├─ 🔧 check-qwen-auth.sh Shell 271L · 8.0 KB
│ ├─ 🔧 get-qwen-oauth-link.sh Shell 286L · 7.4 KB
│ └─ 🐍 reset-task-state.py Python 79L · 2.5 KB
├─ 📋 _meta.json JSON 74L · 2.5 KB
├─ 📜 index.js JavaScript 346L · 9.1 KB
├─ 📋 package.json JSON 30L · 852 B
├─ 📝 PUBLISH_GUIDE.md Markdown 253L · 7.6 KB
├─ 📝 README.md Markdown 166L · 5.1 KB
└─ 📝 SKILL.md Markdown 390L · 11.0 KB

Security Positives

✓ No credential harvesting or exfiltration - skill only reads/writes OpenClaw's own configs
✓ No base64 encoding or obfuscation detected
✓ No remote script execution (curl|bash patterns)
✓ No sensitive path access (~/.ssh, ~/.aws, .env)
✓ All shell commands are local to openclaw CLI tool
✓ No reverse shell or C2 communication patterns
✓ Uses tmux for legitimate TTY workaround (documented technique)
✓ Reports/logs stored in /tmp (standard temporary location)
✓ Clean, well-documented codebase with clear purpose
✓ MIT license, open source with GitHub repository