Skill v0.2.1
ClawScan security
Line Client · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Review · Feb 24, 2026, 2:22 PM
- Verdict: Review
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's instructions expect local Python/Node code, tokens in ~/.line-client, and a local HMAC signer, but the packaged skill contains only a SKILL.md with no code or install instructions — these inconsistencies are suspicious and warrant caution.
- Guidance: Do not install or run this skill as-is. The SKILL.md expects code, Node/Python runtimes, WASM files, and persistent tokens under ~/.line-client, but the skill package contains no code or install steps — this could be an incomplete/abandoned integration or a sign the publisher expects you to fetch and run external binaries. Before proceeding, ask the publisher for: (1) the full source code or a trusted GitHub release URL and checksums, (2) an explicit install script or package (so you can inspect what will be installed), and (3) a clear list of required binaries/env vars. If you must test it, run it in a tightly sandboxed environment (isolated VM or container), avoid exposing real LINE credentials (inspect ~/.line-client/tokens.json first), and be prepared to rotate LINE tokens/credentials after use. If you don't trust the source, don't run the Node HMAC signer or provide any tokens — these components can sign requests and persist credentials on disk.
Review Dimensions
- Purpose & Capability (concern): The description promises a full LINE client (QR login, HMAC-signed gateway access, WASM, local signer), yet the skill package contains no code or install spec. The SKILL.md references repo files (/data/workspace/line-client, src/*, lstm.wasm) that are not provided. The declared metadata requests no binaries or env vars even though the runtime requires Python, Node.js, and WASM — this mismatch suggests the package is incomplete or intentionally misleading.
- Instruction Scope (concern): Runtime instructions direct the agent to read persistent files (~/.line-client/tokens.json, cert cache), run a Node HMAC signer on port 18944, and execute QR login flows that emit PINs and tokens. These actions access user-home files and open network ports and could expose credentials/tokens. The SKILL.md also expects emitting QR/PIN events to external recipients (send_qr_image_to_user, send_pin_to_user_IMMEDIATELY), which is broad and could enable credential exfiltration if misused.
- Install Mechanism (note): No install spec is provided — the skill is instruction-only. That lowers the immediate disk-write risk from this package, but the instructions require installing/running external code (Python modules, a Node signer, WASM) from a referenced repo. The lack of an install mechanism combined with references to external binaries is inconsistent and increases operational risk.
- Credentials (concern): The skill declares no required env vars or credentials but explicitly reads tokens from ~/.line-client/tokens.json and uses certificates in ~/.line-client/sqr_cert. Requesting access to private token files without declaring them is disproportionate. Running a local HMAC signer and producing long-lived tokens (stored in home) increases the sensitivity of the required environment access.
- Persistence & Privilege (note): The skill does not request 'always' or other elevated platform privileges, but its runtime writes and reads persistent files in the user's home (~/.line-client) and requires running a local service (port 18944) to sign HMACs. That gives it ongoing local persistence if the user installs the recommended components — acceptable for a client, but something the user should consciously permit.
