Skill v1.0.2

ClawScan security

Contract Intelligence Review · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Apr 25, 2026, 5:46 AM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary
The skill mostly does what its description says (PDF extraction → AI analysis → billing), but there are multiple metadata/instruction inconsistencies and data-sharing points (billing + AI) you should understand before installing.
Guidance
This skill is functionally coherent with its described purpose, but there are inconsistencies and privacy implications you should weigh before installing:

- Metadata mismatch: The registry lists no required env vars, but the SKILL.md and code require OPENAI_API_KEY, SKILL_BILLING_API_KEY, and FEISHU_USER_ID (and optionally OPENAI_API_BASE and fallback keys). Treat the SKILL.md as the authoritative runtime requirement, not the registry metadata.
- Data sharing: The skill will send the extracted contract text to an external AI provider (OpenAI/MiniMax/custom endpoint) for analysis. The billing process will transmit FEISHU_USER_ID (and potentially other billing info) to a third-party endpoint (https://skillpay.me). Do not use with highly sensitive contracts unless you accept that data will be shared with those endpoints and have confirmed their privacy/processing policies.
- Billing behavior: If SKILL_BILLING_API_KEY is missing or if the billing request fails, the code can fall back to a 'dev mode' that allows processing without charging. This may be intentional for development, but it means billing checks can be bypassed on network failure; verify this behavior if you rely on accurate billing.
- Secrets management: Use a dedicated API key with minimal scope (or a separate billing account) rather than your primary production keys. Confirm which AI endpoint will receive data and whether that provider will retain or log inputs.
- Packaging/integrity: The repository includes requirements.txt but no install recipe; dependencies and missing packages (e.g., numpy used in OCR) suggest immature packaging. Review the code and test in a sandboxed environment before providing real contract data.

If you want to proceed, verify the SkillPay domain, confirm privacy/retention policies for the AI provider you will use, supply keys scoped to a test account, and run initial tests on non-sensitive sample contracts in a sandbox.

Review Dimensions

Purpose & Capability
Rating: note
The code and SKILL.md align with the stated purpose: PDF extraction, contract-type detection, and sending text to an AI service for risk analysis. Billing via SkillPay is coherent with the documented per-call charge. However, the registry metadata claims no required environment variables while SKILL.md and the code require several (OPENAI_API_KEY, SKILL_BILLING_API_KEY, FEISHU_USER_ID, etc.), which is an inconsistency between the manifest and the runtime instructions.
Instruction Scope
Rating: note
SKILL.md directs the agent to fetch files from Feishu, URLs, or local paths and to store them under /tmp/contracts/<uuid>.pdf; it also instructs sending extracted text to an OpenAI-compatible API and using SkillPay for billing. Those actions are within scope for a contract-review skill. Items to note: the SKILL.md instructs use of Feishu-specific fetchers (feishu_im_bot_image / feishu_im_user_fetch_resource) but the included Python code does not implement Feishu integration; that must be performed by the agent runtime. SKILL.md explicitly transmits a Feishu user id to a third-party billing API (skillpay.me), which is expected for billing but is additional data sharing.
Install Mechanism
Rating: note
There is no install spec (instruction-only install), which minimizes disk-level install risk. However, a requirements.txt is included (PyMuPDF, pdfplumber, pytesseract, pdf2image, openai) but no install step is declared in the manifest; this is inconsistent but not immediately dangerous. Also, requirements.txt lacks numpy, which the OCR routine uses, indicating sloppy packaging rather than malicious behavior.
Credentials
Rating: concern
The skill requires sensitive environment variables (OPENAI_API_KEY for AI calls; SKILL_BILLING_API_KEY for SkillPay billing; FEISHU_USER_ID is sent to billing). Those are proportionate to the declared features, but: (1) the registry metadata lists none, a mismatch that can hide the needed secrets from reviewers; (2) the code also reads fallback vars (OPENAI_API_KEY_FALLBACK, OPENAI_API_BASE_FALLBACK) not documented in SKILL.md; and (3) billing transmits user identifier data to a third party (skillpay.me). If you plan to analyze sensitive contracts, note that the full extracted text is sent to an external model provider (OpenAI/MiniMax/custom) and to the billing service, so keys and user IDs will be exposed to those services.
Persistence & Privilege
Rating: ok
The skill does not request always:true, does not modify other skills or global agent settings, and only writes temporary files under /tmp. It does perform network calls (AI provider and billing API), which is expected and documented. No elevated persistence or privilege escalation behavior observed.