Skill v1.1.0
ClawScan security
Bijian AI Writing Expert · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Mar 10, 2026, 3:11 AM
- Verdict: suspicious
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill is mostly coherent for calling an external '笔尖' content API, but the package metadata does not declare the sensitive environment variables the SKILL.md and included script actually require—this mismatch and the fact the skill will read a local config containing secrets warrant caution.
- Guidance: This skill will send your article prompts and reference materials to an external service at bj.aizmjx.com and requires you to store an API token in a workspace config file (BIJIAN_API_TOKEN and related vars). Before installing:
  1. Be aware that the registry metadata does not list these required env vars; ask the publisher to update the metadata.
  2. Treat BIJIAN_API_TOKEN as a secret: store it in a secure secrets store or ensure the .bijian_config file is accessible only to you (restrict file permissions).
  3. Confirm you trust the bj.aizmjx.com / sso.aizmjx.com domains and review their privacy/terms, because content and references will leave your machine.
  4. If you are uncomfortable with plaintext tokens in a shared workspace, run this skill in an isolated environment or container, or modify the script to read secrets from a secured store.
  5. The included Python script is readable and straightforward (no obfuscation), so you can audit or modify it before use.
Review Dimensions
- Purpose & Capability (note): The name/description (AI writing via 笔尖) matches the included client script and runtime instructions, which call a bj.aizmjx API to generate articles. However, the registry metadata claims no required environment variables, while the SKILL.md and scripts clearly require BIJIAN_API_TOKEN and related env vars—an inconsistency between declared metadata and the configuration actually needed.
- Instruction Scope (ok): Runtime instructions are scoped to: load a workspace .bijian_config, collect three writing elements from the user, and call the local scripts/bijian_api.py to interact with the external API (spaces, generate, poll, fetch). The skill does not instruct reading arbitrary system files, nor does it post data to unexpected endpoints beyond the documented bj.aizmjx and sso.aizmjx URLs. It explicitly says not to ask users for tokens and to source a config file instead.
- Install Mechanism (ok): No install spec or remote downloads; the skill is instruction-only with a single included Python script (no obfuscated code). No external packages are fetched by the skill itself.
- Credentials (concern): The skill requires sensitive env vars (BIJIAN_API_TOKEN, optionally BIJIAN_TOKEN_HEADER/PREFIX/BASE_URL/USER_ID) to operate, which is proportionate to its purpose (calling an external API). The concern is that the package metadata advertised no required environment variables, so users may not realize they must provide/store a secret. The SKILL.md instructs creating and sourcing a plaintext config file in the workspace, which has privacy risks if the file is world-readable or stored in shared/workspace locations.
- Persistence & Privilege (ok): `always` is false and the skill does not request elevated or persistent platform-wide privileges. It does not modify other skills or system settings. Allowing autonomous invocation is the platform default and not in itself flagged.
