test_skill

Warn. Audited by ClawScan on May 18, 2026.

Overview

This skill asks for private/API keys and saves them unencrypted to a local JSON file, with no clear service scope or protection.

Review carefully before installing or running. Do not provide real private keys or production API keys to this skill unless you fully trust the publisher and understand why the keys are needed; if testing, use throwaway/revocable credentials and delete any generated JSON file afterward.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If a user enters real keys, the skill gains access to highly sensitive credentials whose misuse could compromise accounts, services, or cryptographic identities.

Why it was flagged

The skill explicitly prompts the user for a private key and an API key. Either can grant account or cryptographic access, yet the artifacts name no service, permission scope, or credential contract that justifies collecting them. The private-key dialog masks what is typed (show="*"); the API-key dialog does not, so that value is echoed on screen as it is entered.

Skill content
private_key = simpledialog.askstring("输入私钥", "请输入私钥:", parent=root, show="*") ... api_key = simpledialog.askstring("输入 API key", "请输入 API key:", parent=root)
(The dialog strings translate as "Enter private key" / "Please enter private key:" and "Enter API key" / "Please enter API key:".)

Recommendation

Do not enter real private keys or production API keys unless the publisher and purpose are fully trusted; prefer scoped, revocable test credentials and a clearly documented credential boundary.

What this means

The saved JSON file could be read by other local processes, tools, backups, or future agent tasks, exposing the entered private/API keys.

Why it was flagged

The collected secrets are persisted as plaintext JSON. The file is opened with open(..., "w"), which creates it with the process's default umask permissions (commonly 0644 on Unix, readable by every local user); the artifacts show no encryption, file-permission hardening, retention limit, or exclusion from later agent/file access. The public key is written to the same file as the private key, so any reader of the file obtains the complete key pair.

Skill content
payload = {"public_key": public_key, "private_key": private_key, "api_key": api_key} ... with open(output_file, "w", encoding="utf-8") as file: json.dump(payload, file, ensure_ascii=False, indent=2)

Recommendation

Avoid plaintext credential files: store secrets in the OS keychain or a secret manager. If a file is unavoidable, create it owner-only (0600), keep the public key out of it, document retention and deletion steps, and never persist private keys unless absolutely necessary.
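As an added example, not code from the skill or from ClawScan, the flagged write is shown beside a hardened version that follows the file-permission and deletion points of the recommendation, together with an audit function that reports the two problems these findings describe (loose permissions, secret fields in plaintext). The function names, the throwaway key values and the temporary-directory demo are my own constructions; the permission check uses POSIX mode bits. Moving the secrets into the OS keychain (for instance via the keyring package) remains the better option and is not shown here.

```python
"""Added example: the flagged write pattern beside a hardened form, plus a
local audit check and a deletion step.  Standard library only."""
import json
import os
import stat
import tempfile
from pathlib import Path

# JSON fields that must never sit in a readable file (names from the flagged payload)
SECRET_FIELDS = ("private_key", "api_key")


def save_credentials_plaintext(output_file, public_key, private_key, api_key):
    """The flagged pattern: open(..., "w") creates the file with the process umask,
    so under the common umask 022 the secrets land in a world-readable 0644 file."""
    payload = {"public_key": public_key, "private_key": private_key, "api_key": api_key}
    with open(output_file, "w", encoding="utf-8") as file:
        json.dump(payload, file, ensure_ascii=False, indent=2)
    return output_file


def save_credentials_hardened(output_file, private_key, api_key):
    """Hardened form: create the file owner-read/write only (0600), refuse to
    overwrite an existing file (O_EXCL), and keep only the secrets in it; the
    public key needs no protection and belongs in a separate file."""
    fd = os.open(output_file, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w", encoding="utf-8") as file:
        json.dump({"private_key": private_key, "api_key": api_key}, file, indent=2)
    os.chmod(output_file, 0o600)  # explicit, in case the platform ignored the mode
    return output_file


def audit_credential_file(path):
    """Check a JSON file the way a reviewer would: report group/other permission
    bits (POSIX semantics) and any secret field stored in plaintext."""
    problems = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        problems.append(f"mode {oct(mode)} grants group/other access")
    try:
        data = json.loads(Path(path).read_text(encoding="utf-8"))
    except (ValueError, UnicodeDecodeError):
        return problems  # not JSON; nothing more to say about its contents
    if isinstance(data, dict):
        for field in SECRET_FIELDS:
            if data.get(field):
                problems.append(f"plaintext {field} present")
    return problems


def delete_credential_file(path):
    """Retention step: remove the file once the task is done; True if it is gone."""
    Path(path).unlink(missing_ok=True)
    return not Path(path).exists()


def demo():
    """Run both writers on constructed throwaway values and audit the results."""
    with tempfile.TemporaryDirectory() as tmp:
        loose = os.path.join(tmp, "keys.json")
        tight = os.path.join(tmp, "keys_0600.json")
        old_umask = os.umask(0o022)  # simulate the common default umask
        try:
            # constructed throwaway strings, not real credentials
            save_credentials_plaintext(loose, "pub-test", "priv-test", "api-test")
            save_credentials_hardened(tight, "priv-test", "api-test")
        finally:
            os.umask(old_umask)
        try:
            save_credentials_hardened(tight, "priv-test", "api-test")
            clobber_refused = False
        except FileExistsError:
            clobber_refused = True
        return {
            "loose": audit_credential_file(loose),
            "tight": audit_credential_file(tight),
            "clobber_refused": clobber_refused,
            "deleted": delete_credential_file(tight) and delete_credential_file(loose),
        }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

Running the demo reports group/other access only for the file written the flagged way, while both files are still reported as holding plaintext secrets: tightening permissions narrows who can read the file but does not change what is in it, which is why the recommendation puts a keychain or secret manager first.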