Skillv1.0.0

ClawScan security

AI Topic Scout · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousMar 11, 2026, 12:19 PM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary: The skill's instructions mostly match its stated purpose (fetch YouTube and X/Twitter content and write to a DingTalk AI table), but it asks for sensitive credentials (browser cookies / MCP URL) and global installs without declaring those requirements, which is an inconsistency you should understand before installing.
Guidance: This skill is coherent with its stated purpose, but pay attention to two practical security issues before installing: 1) Credentials not declared: The instructions require a DingTalk MCP Server Streamable HTTP URL and X/Twitter cookies (auth_token and ct0). These are sensitive credentials but the skill metadata does not declare them. Only provide them if you trust the skill and the environment where mcporter will send data. 2) Cookie-based Twitter auth: Extracting auth_token and ct0 from your browser is sensitive—these cookies grant access tied to your account. Prefer using a proper API token/session mechanism (if available), store tokens securely (not world-readable files), and avoid reusing personal account cookies on shared/dedicated servers. 3) Global installs & supply-chain: The skill asks you to npm -g / pip install several CLIs and to clawhub-install other skills. Review the npm/pypi packages (mcporter, @steipete/bird, yt-dlp, clawhub) and consider installing in a controlled environment (virtualenv, container, or dedicated VM) to limit blast radius. 4) Verify MCP endpoint: The mcporter registration requires you to provide the MCP Server URL — confirm this endpoint is a trusted DingTalk MCP server for your org and not a third-party capture endpoint. If you want to proceed: run the installs in an isolated environment, avoid exposing your main browser cookies (create a dedicated account or use API credentials), and verify the npm/pip packages' sources and versions. If you want, I can list the exact places where credentials are used in the workflow and suggest safer alternatives (OAuth, read-only service accounts, or rotating tokens).

Review Dimensions

Purpose & Capability: okName/description align with the actions in SKILL.md: it fetches YouTube and X/Twitter content (yt-dlp, bird) and writes to DingTalk AI tables (mcporter / dingtalk-ai-table). The declared dependencies (bird, yt-dlp, mcporter) are appropriate for the described functionality; installing related skills via clawhub is also consistent.
Instruction Scope: noteInstructions are concrete and confined to fetching content, summarizing, aggregating and writing records to a DingTalk AI table. They instruct reading the local references/config.json and running CLI calls. However, the runtime steps require obtaining X/Twitter cookies (auth_token and ct0) from the browser and registering a DingTalk MCP Streamable HTTP URL — both are sensitive and not declared as required secrets. The SKILL.md does not instruct the agent to exfiltrate data to unknown endpoints, but it does rely on user-supplied tokens and an MCP URL that could point to an external service.
Install Mechanism: noteNo formal install spec in the package (instruction-only). SKILL.md directs npm -g installs (mcporter, bird, clawhub) and pip install (yt-dlp) — these are standard package registry installs (npm/pypi). Global installs require elevated privileges and pollute system PATH; they are expected for CLI tooling but carry the usual supply-chain risk of npm/pip packages. There are no arbitrary downloads from obscure URLs in the install instructions.
Credentials: concernThe registry metadata declares no required environment variables or primary credential, yet the runtime instructions explicitly require: (1) a DingTalk MCP Streamable HTTP URL to register with mcporter, and (2) Twitter/X browser cookies (auth_token and ct0) to fetch tweets via bird. These are effectively credentials but are not declared. The skill also instructs writing tokens into ~/.config/bird/config.json5 or passing them as CLI args; that handling is sensitive and should be acknowledged in metadata.
Persistence & Privilege: okThe skill is instruction-only, always:false, and user-invocable; it does not request permanent inclusion or system-wide config modifications beyond creating/saving its own references/config.json. It does recommend installing other skills via clawhub, which will change the agent environment, but this is within the expected scope for a skill that coordinates other tools.