Skill v1.0.1

ClawScan security

错敏信息检测 (Erroneous and Sensitive Information Detection) · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Apr 10, 2026, 2:24 AM
Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary
The skill's code, instructions, and optional dependencies are consistent with its stated purpose (fetching pages and calling a UCAP sensitive-data detection API); no disproportionate credentials, installs, or unexpected behaviors were found.
Guidance
This skill appears coherent and security-conscious. Before installing:
1) Review where the UCAP API endpoint(s) are called in main.py so you know what external host(s) receive data.
2) Use an isolated Python environment (venv) when pip installing the listed dependencies.
3) Do NOT enable dynamic/browser mode (DISABLE_JAVASCRIPT=False) unless you intentionally install Node/agent-browser/Chrome and you set a strict ALLOWED_DOMAINS whitelist — dynamic mode executes page JS and can create SSRF risks if misconfigured.
4) Treat the UCAP userKey like any API key: provide it only if you trust the UCAP service; the code stores it only in-process but suggests persisting as a system env var for convenience (avoid persisting secrets unless necessary).
If you want extra assurance, ask the maintainer to publish the UCAP API endpoint and any telemetry behavior in the code for review.

Review Dimensions

Purpose & Capability
ok: The name and description claim detection of sensitive info via a UCAP API. The package contains code to fetch URLs, perform SSRF checks, and call an external API (userKey support). Required tooling (requests, dnspython, beautifulsoup) aligns with fetching/parsing/validating web content. No unrelated cloud credentials or unrelated system access are requested.
Instruction Scope
ok: SKILL.md and main.py limit actions to: validating URLs, optionally fetching page content (static or optional browser-based), and calling the UCAP service. The docs explicitly call out SSRF risks and require a whitelist for the dynamic/browser mode; the instructions do not direct the agent to read unrelated files or exfiltrate arbitrary environment data.
Install Mechanism
note: There is no platform install spec (instruction-only installer), but requirements.txt and SKILL.md instruct the user to pip install the dependencies. Dynamic mode requires external tooling (Node.js, agent-browser, Chrome) invoked via subprocess; this is optional and only necessary to enable browser rendering. This is expected for the described functionality but increases runtime footprint if dynamic mode is enabled.
Credentials
ok: No required environment variables are declared. The code supports an optional UCAP_USERKEY (stored in process env only) to lift rate limits; this matches the described behavior. No unrelated secrets or multiple external service credentials are requested.
Persistence & Privilege
ok: The skill does not request permanent/always-on privileges (always:false) and does not modify other skills or system-wide configs. It writes an optional userKey to the current process env only and documents this behavior. Autonomous invocation is allowed (disable-model-invocation:false) but that is the platform default and not, by itself, a risk here.