Skill v1.0.6

ClawScan security

Doubao Launch · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious
Mar 8, 2026, 9:07 AM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill's stated purpose (launch a Windows GUI app) is plausible, but the package contains no executable script or install steps and points to an absolute local path—the pieces don't line up and require further verification before use.
Guidance
Do not install or run this skill without confirming where the referenced script (doubao_auto_workflow.py) comes from. The package contains only metadata and instructions; the actual automation script is missing and the plugin entry points to an absolute path on the developer's machine. Before using:
1) obtain and inspect the full Python script (and any helpers) to verify it does only the expected GUI automation;
2) ensure you understand and accept that the agent will run local code via WSL and interact with your Windows desktop and files;
3) verify you have the Doubao app, WSL, and Windows Python installed in the expected locations;
4) prefer a version hosted on a project repository/homepage or a packaged release rather than relying on local absolute paths.
If you cannot review the missing script, treat this skill as untrusted.

Review Dimensions

Purpose & Capability
concern
The skill claims to run a Python automation script (doubao_auto_workflow.py) to launch a Windows GUI via WSL, which is consistent with the described purpose. However, no script or binaries are included in the bundle and the plugin manifest's entry field points to an absolute local path (/mnt/h/AI/openclaw_workspace/...) that appears to be the developer's machine layout. The skill does not declare required local prerequisites (Windows Python, WSL, Doubao app, the script path), so the declared capability is not matched by what is provided.
Instruction Scope
note
SKILL.md instructs the agent to execute a local Python script via WSL and to interact with the Windows desktop and files (works/ directory, /mnt/h/...). These instructions are within the domain of a GUI automation skill, but they grant the agent permission to run arbitrary local code and access Windows filesystem paths. Because the referenced script is not included, the instructions are effectively a pointer to external local code the user must already have; that missing piece is a risk (you should inspect that script before running).
Install Mechanism
concern
There is no install spec (instruction-only), which is low-risk in itself. However, the openclaw.plugin.json 'entry' points to an absolute host path (under /mnt/h/...) but no code is bundled. This mismatch means the skill expects files to already exist on the user's machine or developer environment, which is incoherent and could lead an agent to attempt to access arbitrary local paths.
Credentials
ok
The skill requests no environment variables or credentials and does not attempt to read unrelated secrets in SKILL.md. That is proportionate for a local GUI automation helper. It does, however, assume access to WSL and Windows filesystem mounts—these are reasonable but undocumented prerequisites.
Persistence & Privilege
ok
The skill does not request always:true or any elevated persistent presence. It is user-invocable and allows normal autonomous invocation by the agent (platform default). No attempts to modify other skills or system-wide configs are present in the provided files.