Skill v1.0.0

ClawScan security

中考真题检索 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Apr 28, 2026, 2:42 AM
Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary
The skill mostly does what its name says (search, download, verify Zhongkao papers) and is internally consistent, but there are security and operational concerns—most notably an explicit TLS certificate verification bypass in the download code and reliance on external search/upload tools—that warrant caution before installing.
Guidance
This package appears to implement the advertised search/download/verify workflow, but proceed carefully:
- Major technical concern: download.py disables TLS certificate verification (ctx.check_hostname=False; ctx.verify_mode=ssl.CERT_NONE). This makes HTTPS connections vulnerable to MitM and could cause the script to download tampered or malicious files. Before running, remove the bypass so certs are validated, or explicitly document and accept the risk in a secure environment.
- Only download and open files from trusted sources. The scripts can fetch arbitrary URLs and write them to disk; a malicious or mistyped URL can deliver executable, archive, or malicious content.
- Run first-time runs in a sandboxed environment (VM/container) and inspect downloaded files before opening. verify.py helps, but it is not a substitute for safe handling of untrusted binaries/archives.
- If you will upload materials to an external knowledge base (IMA) or use other search skills, confirm their credential and privacy implications separately—this skill references those workflows but does not provide the integration code.
- If you expect to handle RAR files, install unar from a trusted package manager. Avoid running unknown extraction tools from untrusted sources.
- Recommended quick code changes: in download.py remove or change the SSL context lines so verification is enabled (use the default SSL context without forcing verify_mode=ssl.CERT_NONE and keep check_hostname=True). Consider adding a safelist of allowed hostnames (e.g., files.eduuu.com, zhongkao.com) if you only intend to fetch from known domains.
- Legal/ethical note: ensure you have the right to download and redistribute exam materials in your jurisdiction and organization.
Given the TLS bypass and the network/file-write behavior, treat this skill as potentially risky until you patch the cert validation and run it in a controlled environment.

Review Dimensions

Purpose & Capability
ok: Name/description align with the provided scripts and docs: search.sh builds search queries for known sources, download.py fetches files, verify.py inspects file format/contents. No unrelated credentials, binaries, or config paths are requested. The sources and edge-case notes match the intended purpose.
Instruction Scope
concern: SKILL.md limits actions to searching, downloading, verifying, and organizing exam files. However, download.py explicitly disables TLS verification (ssl.CERT_NONE / check_hostname=False), which weakens network security and can allow MitM or delivery of malicious payloads; SKILL.md does not warn users about this. The skill also instructs using external tools/skills (web_search, ima-skill, wechat-article-search) which may themselves require credentials or transmit data; those integrations are outside this package and could broaden the data flow.
Install Mechanism
note: This is instruction-plus-scripts (no install spec). No packages are automatically downloaded by an installer, which lowers risk. It does require runtime tools not provided (python3, optional unar for RAR extraction, and external 'web_search' and IMA upload workflows). Users must install those separately; the lack of an automated install is acceptable but means manual dependency management is needed.
Credentials
ok: The skill declares no environment variables or credentials. That is proportionate to its stated goal. Note: SKILL.md references using other skills/tools (web_search, ima-skill, wechat-article-search) that may require credentials; those are external to this skill and should be considered separately.
Persistence & Privilege
ok: always:false and no install-time persistence or modification of other skills. The skill does write downloaded files to disk (expected behavior) but does not request persistent elevated privileges or alter other skill configurations.