Back to skill
Skillv1.0.0
ClawScan security
文章风格克隆助手 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
SuspiciousMar 9, 2026, 8:15 PM
- Verdict
- suspicious
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- 功能与描述一致,但清单和元数据遗漏了对外LLM调用所需的环境变量和默认 API 端点(api.deepseek.com),这意味着用户内容 will be sent to an external service without the skill metadata declaring that requirement — a privacy/consistency concern.
- Guidance
- Before installing or using this skill: - Expect your reference articles and draft to be sent to an external LLM service; do not submit sensitive or confidential text. - The skill's metadata does NOT list required API keys, but the script requires OPENAI_API_KEY or DEEPSEEK_API_KEY — confirm which key you must provide and whether you trust the target endpoint (default https://api.deepseek.com). - If you prefer a specific provider (e.g., OpenAI), set OPENAI_API_BASE and OPENAI_API_KEY and test with non-sensitive content first. - Review scripts/clone_style.py yourself (or with a security-savvy person) to confirm there are no hidden endpoints or unexpected behavior; the code appears straightforward but the default endpoint may be unfamiliar. - Consider whether cloning a living author's style raises copyright or ethical concerns in your use case. If you need higher assurance, ask the skill author to update registry metadata to declare required env vars and to document the default API provider and its privacy policy.
Review Dimensions
- Purpose & Capability
- concern功能与“风格克隆”描述一致 — 脚本将参考文章与素材发送给一个 LLM 来生成改写版本。但 registry 元数据 declares no required env vars/credentials while both README 和脚本 expect an API key (OPENAI_API_KEY or DEEPSEEK_API_KEY). 元数据与实际能力不一致,应该声明所需凭证。
- Instruction Scope
- concernSKILL.md 指令会执行 scripts/clone_style.py,并将用户提供的参考文章与原始素材作为 prompt 发往远端 /chat/completions 接口。该流程会把用户文本发送到外部服务(默认 API_BASE=https://api.deepseek.com),SKILL.md/README 未充分提示隐私或内容外发风险。除此之外,指令并未访问本地无关文件或凭据。
- Install Mechanism
- ok无安装规范(instruction-only + 附带脚本),脚本只使用标准库 urllib 等,无额外第三方依赖或可疑下载,写磁盘仅限于可选输出文件。安装风险低。
- Credentials
- concern脚本需要 API 密钥(OPENAI_API_KEY 或 DEEPSEEK_API_KEY)并可能使用 OPENAI_API_BASE 和 LLM_MODEL,但 registry 要求部分声明为“无”,Primary credential 未设置。请求的环境访问与功能相关但未在元数据中声明 — 这是不一致且对用户决策重要。默认 API_BASE 指向 api.deepseek.com(不是公开的 OpenAI endpoint),应确认其信誉和隐私策略。
- Persistence & Privilege
- ok没有 always:true,skill 不会强制常驻或修改其他技能/系统配置。没有不当持久化或权限提升行为。