Skill v1.0.1
ClawScan security
旺小美数据助手 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Apr 30, 2026, 3:38 AM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's code and network behavior mostly match the described purpose (querying 旺小美 APIs), but there are documentation/code inconsistencies and missing referenced files that could break or obscure the authorization flow; review before installing and trust the remote domains involved.
- Guidance. What to consider before installing:
  - Functional mismatch: the README/SKILL.md mention files and a local callback server (manual-auth.js, references/auth.html) that are not present in the package, and the actual auth code polls a remote site. This can break usage or hide differences between expected and actual flows.
  - Trust the domains: the auth flow polls https://www.wangxiaobao.com and API calls target wangkeapp.wangxiaobao.com. Only install if you trust those domains and the skill author.
  - Sensitive data: the skill stores an auth token at ~/.wangke-auth-token and will use it to retrieve customer records and recordings (likely PII and audio). Treat that token as sensitive; remove it if you stop trusting the skill (rm ~/.wangke-auth-token or run auth-manager clear).
  - Verify missing files: ask the publisher or inspect a full release that includes the referenced manual-auth.js and auth.html to confirm the auth UX is as expected.
  - Test in a safe environment: run the scripts in a disposable account or isolated environment first to observe where network calls go and what data is returned.
  - If you cannot verify the missing files or the publisher's identity, consider not installing, or use only read-only, low-privilege accounts for testing.
Review Dimensions
- Purpose & Capability
  - Status: ok
  - Name/description match the actual functionality: the scripts call wangkeapp.wangxiaobao.com endpoints for user, audio, visit, and customer data, and the skill requires an auth token. No unrelated credentials or binaries are requested.
- Instruction Scope
  - Status: concern
  - The SKILL.md and README describe an authorization flow that includes starting a local HTTP server and an auth HTML page, and reference helper scripts (manual-auth.js, references/auth.html). The included code (scripts/auth-manager.js) does not start a local server but polls a remote auth service, and the manifest does NOT include the referenced manual-auth.js or references/auth.html files. This mismatch (docs vs. code vs. missing files) is a functional/integrity concern and could hide unexpected behavior or cause the skill to fail.
- Install Mechanism
  - Status: ok
  - No install spec; this is instruction-only with included Node.js scripts. No remote code downloads or extract steps are present in the package. The scripts optionally require the 'open' package but handle its absence gracefully.
- Credentials
  - Status: ok
  - The skill requests no environment variables or external credentials. It persists an authorization token to ~/.wangke-auth-token (file permission 0o600 attempted). Persisting the service token is expected for the described behavior, but the file is a sensitive artifact that grants access to customer/recording data.
- Persistence & Privilege
  - Status: note
  - always:false (normal). The skill persists an auth token to the user's home directory and will reuse it; this is expected but grants continued access until the token file is removed. The skill does not request system-wide privilege changes or modify other skills.
