v1.0.10

openclaw-skill-customs

BenignClawScan verdict for this skill. Analyzed May 1, 2026, 8:19 AM.

Analysis

The skill’s behavior matches its customs-document purpose, but it sends sensitive uploaded trade documents to the Leap/DaoFei platform and leaves local task copies.

GuidanceBefore installing, make sure you are comfortable sharing the selected customs documents with the Leap/DaoFei platform. Configure LEAP_API_KEY only through secure environment settings, verify the file list and classification before confirming, and clean up local task folders when the job is done.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation

SeverityLowConfidenceHighStatusNote

SKILL.md

等用户确认文件列表无误后才执行上传 ... python scripts/file_transfer.py --mode upload ... python scripts/submit_and_poll.py --mode customs

The skill instructs the agent to run local helper scripts that upload files and submit remote processing tasks, but it also requires user confirmation and the behavior is central to the stated customs-document workflow.

User impactIf the user confirms the wrong files, those files may be sent to the external processing service.

RecommendationReview the file list and classification results carefully before confirming upload and customs processing.

Agentic Supply Chain Vulnerabilities

SeverityInfoConfidenceHighStatusNote

scripts/requirements.txt

Step 6（结果修改）需要 openpyxl 用于读写 Excel 文件：
#   pip install openpyxl

The optional Excel-modification step may require installing an unpinned third-party Python package; it is disclosed and only needed for user-requested edits.

User impactInstalling a package adds a normal software supply-chain dependency to the local environment.

RecommendationInstall openpyxl from a trusted package index and consider pinning an approved version in managed environments.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse

SeverityLowConfidenceHighStatusNote

scripts/submit_and_poll.py

api_key = os.environ.get("LEAP_API_KEY", "") ... "Authorization": f"Bearer {api_key}"

The scripts use a LEAP_API_KEY bearer token to authenticate to the Leap platform, which is expected for this integration but still grants account-level service access according to the key's permissions.

User impactAnyone with access to the configured API key could potentially use the associated Leap account permissions.

RecommendationConfigure the key only through the platform’s secure environment settings, use the least-privileged/revocable key available, and rotate it if exposed.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Insecure Inter-Agent Communication

SeverityMediumConfidenceHighStatusNote

scripts/file_transfer.py

url = f"{base_url}/api/v1/files/upload" ... with open(file_path, "rb") as f: file_data = f.read()

The helper reads uploaded document bytes and sends them to https://platform.daofeiai.com for processing; this is disclosed and purpose-aligned, but it crosses an external provider boundary.

User impactInvoices, packing lists, bills of lading, amounts, product details, and other trade data may be processed by the external service.

RecommendationUse this skill only for documents you are allowed to share with the Leap/DaoFei platform, and follow your organization’s data-handling policy.

Memory and Context Poisoning

SeverityLowConfidenceHighStatusNote

SKILL.md

mkdir -p tasks/customs_<YYYYMMDD_HHMMSS>/raw ... 后续所有步骤的中间文件（classify_result.json、customs_payload.json 等）都存放在该任务目录下

The workflow intentionally stores raw documents and intermediate/results files in a local task directory for later steps and modifications.

User impactSensitive customs documents and extracted business data may remain on disk after the conversation ends.

RecommendationStore the workspace securely and delete the task directory when the work is finished if retention is not needed.