Skill v0.1.1

ClawScan security

Qinglong · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 12, 2026, 6:20 AM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill is an instruction-only helper for managing a Qinglong panel through its HTTP API. Its requests and instructions match that purpose: it does not attempt to install software, and it does not ask for credentials unrelated to the panel.
Guidance
This skill appears coherent for managing a Qinglong panel, but keep the following in mind:
(1) The skill will ask you for the panel address and credentials. Those credentials can perform destructive actions (run arbitrary scripts or commands, delete data), so supply them only to trusted agents and preferably use a least-privilege account.
(2) Prefer HTTPS, or operate on a private network; avoid giving an agent access to an internet-exposed panel.
(3) Where possible, create a scoped account or API token with limited rights for automation, and revoke it after testing.
(4) For high-risk operations (system command run, bulk delete, config updates), consider performing them manually, or review the exact API payload before confirming.
(5) If you accidentally expose credentials, rotate or revoke the token or password immediately.
Findings
[instruction-only-no-code] expected: The regex scanner had no code files to analyze because this is an instruction-only skill; this is expected for a wrapper that delegates to HTTP calls.

Review Dimensions

Purpose & Capability
ok: The name and description describe Qinglong panel management, and SKILL.md and the api-reference show only HTTP API calls (tasks, envs, scripts, subscriptions, system). Required binaries, environment variables and configs are none, which is proportionate for an API wrapper.
Instruction Scope
note: The instructions are explicit: ask the user for host and credentials, obtain a token, and run curl requests against the Qinglong API. This stays within the stated scope, but the documented API contains high-privilege endpoints (e.g., /system/command-run, /scripts/run, env deletion) that allow remote command execution and destructive changes. That is expected for a panel manager, but it is operationally powerful and risky if the credentials are misused.
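The scan leaves enforcement of its guidance (HTTPS or a private network only, credentials kept out of the agent's command line, payload review before high-risk calls) to the operator. The guard below is an added example that is not part of the scan output or of the Qinglong skill itself; it wraps the curl workflow described in this section so that those rules are checked on every call. It assumes, as the real panel does not confirm here, that the REST API is mounted under /open and that a client id/secret is exchanged for a bearer token at /open/auth/token; the endpoint paths in the risk table are illustrative, and the demo host and token at the bottom are constructed.

```shell
#!/bin/sh
# Added example: a guard between an agent and a Qinglong panel.
# Assumptions (not from the scan page): the API lives under /open and
# /open/auth/token issues a bearer token. Risk-table paths are illustrative.

# HTTPS is accepted for any host; plain HTTP only for loopback or RFC 1918.
ql_url_ok() {
  case "$1" in
    https://*) return 0 ;;
    http://*) ;;
    *) return 1 ;;
  esac
  h=${1#http://}; h=${h%%/*}; h=${h%%:*}
  case "$h" in
    localhost|127.*|10.*|192.168.*) return 0 ;;
    172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
  esac
  return 1
}

# Risk class of a request from its method and path: read, write or high.
ql_risk() {
  m=$(printf '%s' "$1" | tr 'a-z' 'A-Z')
  case "$2" in
    */system/command-run*|*/scripts/run*|*/configs/save*) echo high; return 0 ;;
  esac
  case "$m" in
    DELETE)   echo high ;;
    GET|HEAD) echo read ;;
    *)        echo write ;;
  esac
}

# Exchange client credentials for a token (assumed endpoint). Secrets come
# from the environment so they never appear in the agent's command line.
ql_login() {
  ql_url_ok "${QL_HOST:-}" || { echo "refusing insecure panel URL: ${QL_HOST:-}" >&2; return 1; }
  curl -fsS -G "$QL_HOST/open/auth/token" \
    --data-urlencode "client_id=$QL_CLIENT_ID" \
    --data-urlencode "client_secret=$QL_CLIENT_SECRET"
}

# Issue one request. High-risk calls print the exact payload and stop (exit 2)
# unless QL_CONFIRM=yes. QL_DRY_RUN=1 prints the curl command instead of running it.
ql_call() {
  m=$1; p=$2; body=${3:-}
  ql_url_ok "${QL_HOST:-}" || { echo "refusing insecure panel URL: ${QL_HOST:-}" >&2; return 1; }
  r=$(ql_risk "$m" "$p")
  if [ "$r" = high ] && [ "${QL_CONFIRM:-}" != yes ]; then
    printf 'HIGH-RISK %s %s\npayload: %s\nre-run with QL_CONFIRM=yes to proceed\n' \
      "$m" "$p" "${body:-<none>}" >&2
    return 2
  fi
  set -- curl -fsS -X "$m" "$QL_HOST$p" -H "Authorization: Bearer ${QL_TOKEN:-}"
  if [ -n "$body" ]; then
    set -- "$@" -H 'Content-Type: application/json' --data "$body"
  fi
  if [ "${QL_DRY_RUN:-}" = 1 ]; then printf '%s\n' "$*"; return 0; fi
  "$@"
}

# Constructed offline demo: private host, fake token, dry run only.
: "${QL_HOST:=http://192.168.1.10:5700}"
: "${QL_TOKEN:=fake-token}"
QL_DRY_RUN=1
ql_call GET /open/envs
ql_call POST /open/system/command-run '{"command":"ls"}' || echo "blocked (exit $?)"
```

Put the token in QL_TOKEN (from ql_login or a scoped token created in the panel) rather than on the command line, run the agent's calls through ql_call, and set QL_CONFIRM=yes only for the single high-risk request you have just reviewed. Revoking the token after the session covers item (3) of the guidance.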
Install Mechanism
ok: No install spec or code files; the skill is instruction-only. This minimizes on-disk risk: nothing is downloaded or executed locally by the skill beyond the agent running curl as instructed.
Credentials
note: The skill declares no required environment variables or stored credentials, but it explicitly asks the user at runtime for the Qinglong host and credentials (username/password or client id/secret). That is appropriate for its purpose, but those credentials grant full panel control and should be treated as highly sensitive.
Persistence & Privilege
ok: The always flag is false, and there is no install step that writes persistent agent config. Model invocation is allowed (normal). The skill does not request permanent presence or modify other skills.