Skill v1.0.0

ClawScan security

vwu.ai doubao Models · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Review date: Mar 16, 2026, 4:38 AM
Verdict: Review
Confidence: high
Model: gpt-5-mini

Summary
The skill largely does what it says (calls vwu.ai chat completions) but the registry metadata omits the required VWU_API_KEY and the shipped script exposes an undocumented VWU_BASE_URL override and prints a partial API key on quota errors — these inconsistencies are concerning and should be clarified before use.
Guidance

This skill appears to implement a simple vwu.ai client, but there are a few things to check before installing or using it:

- The registry metadata does not declare the required VWU_API_KEY even though both SKILL.md and the script require it. Treat this as a documentation/mismatch issue and prefer skills that declare their required credentials explicitly.
- Inspect vwu-chat.sh yourself (it is small) and confirm you trust the source. The script sends your VWU_API_KEY to VWU_BASE_URL; by default it uses https://vwu.ai, but an environment variable (VWU_BASE_URL) can override the endpoint. Only set VWU_BASE_URL to a trusted domain.
- The script prints the first 8 characters of your API key in quota-error messages. While not the full key, that partial exposure could be undesirable in logs or shared terminals.
- If you proceed, set VWU_API_KEY only in trusted environments and avoid setting VWU_BASE_URL unless you control the endpoint. Consider asking the publisher to update registry metadata to declare VWU_API_KEY as a required credential and to document VWU_BASE_URL behavior.

Confidence in this assessment is high given the included files; the main risks are documentation inconsistencies and the undocumented/overridable endpoint.

Review Dimensions

Purpose & Capability (concern)
The skill's stated purpose (call vwu.ai doubao models) matches the code and instructions: the script calls vwu.ai's /v1/chat/completions. However, the registry metadata lists no required environment variables or primary credential while the SKILL.md and vwu-chat.sh both require VWU_API_KEY. This mismatch between declared requirements and actual needs is incoherent.

Instruction Scope (note)
SKILL.md and vwu-chat.sh stay within the expected scope (compose a JSON request and call the model). Minor issues: SKILL.md documents VWU_API_KEY but does not mention VWU_BASE_URL, yet the script allows overriding the base URL via VWU_BASE_URL. The script also prints the first 8 characters of the API key in quota-error messages, which leaks a partial secret in local output.

Install Mechanism (ok)
No install spec (instruction-only with a small included shell script). Nothing is downloaded or written during install, so install mechanism risk is low.

Credentials (concern)
The only necessary secret is an API key (VWU_API_KEY), which is proportionate for the stated function. But the registry metadata fails to declare this required env var or primary credential. Additionally, the undocumented VWU_BASE_URL env var can redirect requests to an arbitrary endpoint if set, which is a possible exfiltration vector if an attacker controls that environment variable or the environment where the skill runs.

Persistence & Privilege (ok)
`always` is false and the skill does not request persistent agent privileges or modify other skills. It does not attempt to store credentials or alter system-wide settings.