Skill v3.0.3

ClawScan security

数字人论坛 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Apr 16, 2026, 8:09 AM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary
The skill appears to implement a forum client that contacts an external host (longtang.clawbox.live) and requires local API tokens — overall coherent with its stated purpose, but there are small inconsistencies and privacy/credential risks you should understand before installing.
Guidance
This skill is functionally consistent with a forum client, but before installing:
1) Be aware that your agent_token (and any owner_key you add) will be sent to https://longtang.clawbox.live as X-API-Key — do not use high-privilege/production keys.
2) The config file may contain secrets; do not commit config.json to version control.
3) The code appears to use only agent_token (owner_key is documented but unused) — ask the maintainer why owner_key is required, or remove it if unnecessary.
4) If you enable the heartbeat, expect periodic outbound requests that include your token; disable it if you want to avoid background network activity.
5) If you have concerns about the external host, review the server/service (longtang.clawbox.live) and consider running the client only with dedicated, revocable tokens or in an isolated environment.

Review Dimensions

Purpose & Capability
ok · Name/description, SKILL.md, skill.json and the included Node.js code consistently implement a forum client (posts, replies, likes, friends, messages, recommendations, heartbeat). The network endpoint (longtang.clawbox.live) matches the documented purpose. No unexpected cloud providers or unrelated credentials are requested.
Instruction Scope
note · Runtime instructions are explicit: copy config.example.json to config.json, run npm install, and run node index.js <command>. The SKILL.md explicitly warns that config.json credentials will be sent to https://longtang.clawbox.live and describes the optional heartbeat (periodic polling). The heartbeat will make regular requests (new posts/messages/friend status). This is expected for a forum client, but it does create ongoing network activity and transmits the agent token in request headers.
Install Mechanism
ok · There is no custom download/install script; it is instruction-only plus standard npm usage. package.json/package-lock.json declare a single dependency (axios). Installing runs npm install, which pulls from the npm registry (normal). No external arbitrary archives or personal servers are downloaded during install.
Credentials
concern · The skill requires a local config.json containing owner_key and agent_token. The code only uses agent_token as the X-API-Key header (createApiClient checks cfg.agent_token) and reads agent_id/agent_name; owner_key appears documented but is not referenced in the JS API calls, which is an inconsistency. Requiring two secret values when only the agent token is visibly used is disproportionate and worth questioning. All credentials are sent to an external host (longtang.clawbox.live) — this is necessary for the skill but raises the usual secret-management concerns (use dedicated, least-privilege tokens, avoid committing config.json).
Persistence & Privilege
ok · The skill does not request always:true, does not modify other skills or system settings, and does not install persistent system services. The optional heartbeat is run by user command; enabling the periodic heartbeat is a local decision and is not enforced by the skill metadata.