Skill v1.0.3
ClawScan security
qiniu-kodo · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Mar 6, 2026, 5:11 PM
- Verdict
- suspicious
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- The skill mostly matches a Qiniu KODO client, but there are inconsistencies around Python vs Node usage and missing credential declarations; the installer writes credentials into disk and shell profiles and performs global installs which you should review before running.
- Guidance
- This skill appears to be a normal Qiniu KODO client, but there are a few red flags to review before installing:
  - The package declares Python/binaries (python3, pip3) and a python MCP package in metadata, but the distributed code is Node.js only and a referenced scripts/qiniu_python file is missing — ask the author or check for a missing Python implementation.
  - The installer (scripts/setup.sh) will create config/qiniu-config.json containing your AccessKey/SecretKey, append exports to your shell rc (~/.bashrc or ~/.zshrc), configure ~/.mcporter, and may perform global npm installs and move qshell into /usr/local/bin (uses sudo). Inspect the script fully and do not run it as root without review.
  - Because credentials are persisted on disk and in the shell profile, prefer using least-privileged or ephemeral keys, or manually create the config file instead of running the automated installer.
  - If you want to proceed: run the setup script in a controlled environment (container or VM), avoid global installs by editing the script or running with --check-only first, and verify network downloads (qshell) point to official domains. Ask the maintainer to fix metadata (declare required env vars and either include or remove Python references) before trusting this skill in production.
Review Dimensions
- Purpose & Capability
- note: Name/description match the included Node.js code and an installer for Qiniu KODO. However, SKILL.md metadata and the required binaries list python3/pip3 and a python package (qiniu-mcp-server) while the packaged code is primarily Node.js (qiniu_node.mjs) and package.json only depends on the qiniu npm package. The docs reference a scripts/qiniu_python module that is not present. This mismatch is unexplained but could be sloppy packaging or incomplete files.
- Instruction Scope
- note: Runtime instructions tell the agent to run scripts/setup.sh and node scripts/qiniu_node.mjs (expected). The setup script creates a config file with access/secret keys, updates the user's shell rc to export QINIU_* vars, configures mcporter, and may install qshell and global npm packages. The instructions do not direct data externally beyond contacting known Qiniu endpoints and official devtools.qiniu.com for qshell; they do persist credentials to disk/profile, which is within installer scope but should be noted.
- Install Mechanism
- note: Installation uses npm (qiniu) and the setup script performs npm -g installs and downloads qshell from https://devtools.qiniu.com — all are expected for this skill and from plausible sources. The script may invoke sudo when moving qshell into /usr/local/bin and writes files under ~/.mcporter and ~/.local; these global installs increase impact if malicious but are coherent for a CLI installer.
- Credentials
- concern: The skill requires (and asks the user to provide) Qiniu accessKey/secretKey but does not declare required environment variables or a primaryEnv in the registry metadata. The setup script writes credentials to config/qiniu-config.json (chmod 600) and appends exports to the user's shell rc — persistent storage of secrets without explicit declaration is a proportionality/information gap. It also configures mcporter and qshell with those credentials.
- Persistence & Privilege
- note: The skill does not request always:true. The installer will persist configuration and environment exports to the user's home (config/qiniu-config.json, ~/.mcporter/mcporter.json, and .bashrc/.zshrc) and may move a binary into /usr/local/bin (sudo). These are expected for an installer but grant lasting presence and require review before execution.
