v1.0.2

alphaclaw

Review: ClawScan verdict for this skill. Analyzed May 1, 2026, 8:05 AM.

Analysis

AlphaClaw’s purpose is coherent, but it asks users to install an unreviewed global npm CLI that stores AK/SK credentials and can install or publish skills.

Guidance: Install only if you trust the npm package and the SkillHub/AlphaShop account integration. Before using it, verify the package source, use a least-privileged key, avoid publishing or overwriting with --yes/--force unless you have reviewed the target, and know how to remove stored credentials from ~/.alphaclaw/auth.json.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Agentic Supply Chain Vulnerabilities
Severity: Medium. Confidence: High. Status: Concern.
SKILL.md
npm install -g 1688alphaclaw

The skill tells users to globally install an external npm CLI, but the reviewed artifact set contains no package source or install spec and the registry lists the source as unknown. That creates a provenance gap for a tool that will later receive credentials and manage skills.

User impact: Installing the package gives unreviewed CLI code local execution authority and makes it part of the user's skill-management workflow.
Recommendation: Verify the npm package publisher, source repository, and package contents before installing, and prefer a pinned version or reviewed source if available.
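One way to act on that recommendation, as an added example for this finding rather than code from ClawScan or AlphaClaw: fetch the tarball without installing it (`npm pack <name>@<version>` writes it to the current directory), then read its package.json and flag what would run or land on PATH during `npm install -g`. The tarball below is constructed in memory with a hypothetical package named `example-cli`; its contents are not a claim about the real 1688alphaclaw package.

```python
"""Pre-install audit of an npm package tarball (the file `npm pack` produces).

Added example, not part of AlphaClaw or ClawScan. It extracts package.json and
flags lifecycle scripts that execute during install, `bin` entries that will be
placed on PATH, and a missing repository field (the provenance gap in the
finding). The sample tarball is built in memory, so nothing here contacts the
npm registry.
"""
import io
import json
import tarfile

# Lifecycle hooks npm runs automatically while installing a package.
INSTALL_HOOKS = ("preinstall", "install", "postinstall", "prepare")


def read_package_json(tar_bytes: bytes) -> dict:
    """Return the parsed package.json from an npm tarball (member `package/package.json`)."""
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r:*") as tar:
        member = tar.getmember("package/package.json")
        with tar.extractfile(member) as f:
            return json.load(f)


def audit_package(pkg: dict) -> list[str]:
    """Return human-readable findings; an empty list means nothing was flagged."""
    findings = []

    # 1. Scripts that run with the installing user's privileges during `npm install`.
    scripts = pkg.get("scripts") or {}
    for hook in INSTALL_HOOKS:
        if hook in scripts:
            findings.append(f"lifecycle script runs on install: {hook}: {scripts[hook]!r}")

    # 2. Executables a global install puts on PATH. `bin` may be a string or a map.
    bin_field = pkg.get("bin")
    if isinstance(bin_field, str):
        bin_field = {pkg.get("name", "?"): bin_field}
    for cmd, path in (bin_field or {}).items():
        findings.append(f"installs executable on PATH: {cmd} -> {path}")

    # 3. Provenance: without a repository URL the published code cannot be tied to source.
    repo = pkg.get("repository")
    repo_url = repo.get("url") if isinstance(repo, dict) else repo
    if not repo_url:
        findings.append("no repository field: source cannot be traced from the package")

    return findings


def build_sample_tarball() -> bytes:
    """Constructed sample: a hypothetical CLI with a postinstall hook and no repository."""
    pkg = {
        "name": "example-cli",          # hypothetical name, not the reviewed package
        "version": "1.0.2",
        "bin": {"example-cli": "bin/cli.js"},
        "scripts": {"postinstall": "node scripts/setup.js"},
        # deliberately no "repository" key, mirroring the provenance gap
    }
    data = json.dumps(pkg).encode()
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        info = tarfile.TarInfo("package/package.json")
        info.size = len(data)
        tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def main() -> None:
    pkg = read_package_json(build_sample_tarball())
    for line in audit_package(pkg):
        print("-", line)


if __name__ == "__main__":
    main()
```

For a real package, replace `build_sample_tarball()` with the bytes of the `.tgz` that `npm pack` wrote, and compare its SHA-512 against the `dist.integrity` value shown by `npm view <name>@<version> dist.integrity` before deciding whether to install.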
Tool Misuse and Exploitation
Severity: Medium. Confidence: High. Status: Note.
SKILL.md
`alphaclaw install <skill-name> [options]` ... `--force` force-overwrite an already installed skill ... `alphaclaw publish [directory-path] [options]` ... `--yes, -y` skip the confirmation prompt and publish directly

The documented commands can overwrite local installed skills and publish skill packages. These actions are purpose-aligned and user-directed, but they can change local agent behavior or submit public/account content.

User impact: A mistaken or overly broad command could replace an installed skill or publish a package without the normal confirmation prompt.
Recommendation: Review skill details before installing, avoid --force and --yes unless intentional, and inspect any skill directory before publishing it.
Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: Medium. Confidence: High. Status: Concern.
SKILL.md
AlphaClaw uses AK/SK (Access Key / Secret Key) authentication. ... Credentials are saved in `~/.alphaclaw/auth.json`; subsequent requests authenticate automatically with a JWT token (valid for 30 minutes, refreshed automatically).

The CLI asks for account access keys and persists authentication material locally, while the registry metadata declares no primary credential. The artifacts do not show the credential scope or storage protections.

User impact: The installed CLI may be able to act as the user's SkillHub/AlphaShop account for authenticated operations until credentials are removed or revoked.
Recommendation: Use the least-privileged AK/SK possible, confirm the key is intended only for this service, protect or remove ~/.alphaclaw/auth.json when not needed, and revoke the key if the package is no longer trusted.
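The artifacts do not say how `~/.alphaclaw/auth.json` is protected, so the check has to be done on the user's side. The following is an added example (not AlphaClaw's code) that audits the credential file and its directory for group- or world-readable permission bits and removes the file when it is no longer needed. It assumes nothing about the file's contents, and the test below exercises it on a temporary file rather than the real path.

```python
"""Permission audit and cleanup for a locally stored credential file.

Added example for this finding; it is not part of AlphaClaw. It checks that the
credential file and its parent directory are readable only by the owner and can
remove the file once the CLI is no longer trusted. Removing the file stops the
CLI from refreshing tokens locally, but it does not revoke the AK/SK at the
service, so revocation remains a separate step.
"""
import os
import stat
from pathlib import Path

# Default location quoted in the finding; callers may pass any path.
DEFAULT_AUTH_FILE = Path.home() / ".alphaclaw" / "auth.json"

# Any of these bits means a user other than the owner can read or write.
OTHERS_MASK = stat.S_IRWXG | stat.S_IRWXO


def check_credential_file(path: Path) -> list[str]:
    """Return findings about `path`; an empty list means the file looks adequately protected."""
    findings = []
    if not path.exists():
        return [f"{path} does not exist (no stored credentials found)"]

    mode = stat.S_IMODE(path.stat().st_mode)
    if mode & OTHERS_MASK:
        findings.append(f"{path} is accessible to other users (mode {mode:04o}); expected 0600")

    parent_mode = stat.S_IMODE(path.parent.stat().st_mode)
    if parent_mode & OTHERS_MASK:
        findings.append(
            f"{path.parent} is accessible to other users (mode {parent_mode:04o}); expected 0700"
        )
    return findings


def harden_credential_file(path: Path) -> list[str]:
    """Restrict the file to 0600 and its directory to 0700, then re-check."""
    if path.exists():
        path.parent.chmod(0o700)
        path.chmod(0o600)
    return check_credential_file(path)


def remove_credential_file(path: Path) -> bool:
    """Delete the stored credentials; returns True if a file was removed."""
    if not path.exists():
        return False
    path.unlink()
    return True


if __name__ == "__main__":
    for line in check_credential_file(DEFAULT_AUTH_FILE):
        print("-", line)
```

Run `check_credential_file(DEFAULT_AUTH_FILE)` before trusting the stored credentials, `harden_credential_file` to tighten them, and `remove_credential_file` when the package is uninstalled; then revoke the key in the account that issued it.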