Skill v0.1.1

ClawScan security

米游社工具 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 20, 2026, 5:22 AM

Verdict: benign
Confidence: medium
Model: gpt-5-mini

Summary
The skill's required actions, files, and runtime behavior are consistent with a MiYoShe account/tooling plugin, but it stores and uses highly sensitive credentials (cookies, stoken, phone numbers) unencrypted on the local disk and fetches proxies from user-configured URLs; review the code before trusting it with real accounts.
Guidance
This skill appears to do what it claims (MiYoShe login, tasks, sign-ins, and exchange) and includes working code that will run locally and contact official MiYoShe/Mihoyo endpoints. Key things to consider before installing or using it:

- Sensitive data: You will be asked to paste cookies, stoken info or phone numbers. Those are saved unencrypted under skills/mystool/data/accounts.json and related files; treat these as high-risk secrets.
- Trust the author: The skill has no homepage and an unknown source; review the code (especially src/api.py, runner.py, sms_login.py, and store.py) yourself before providing real credentials.
- External proxy URL: If you configure a proxy (proxy_config.api_url), the skill will fetch data from that URL to get proxy IPs. That URL could be malicious or point to internal endpoints, so only set it to trusted services.
- Automated actions: runner.py will run daily cron tasks and can iterate over all stored accounts. If installed on a shared agent, it will act for every stored user account; consider isolation.
- Deployment suggestions: run in an isolated/trusted environment, audit the full source (untruncated files), and test with a throwaway account first. If you must use real accounts, consider encrypting the data directory or avoiding storing long-lived cookies in this skill.

If you want, I can highlight exact lines/places to inspect (e.g., where cookies are written, where external network calls occur) or scan the remaining truncated files for suspicious behavior.

Review Dimensions

Purpose & Capability
Status: ok
Name/description (米游社工具) match the code: modules implement SMS/QR/Cookie login, daily tasks, sign-in, goods exchange, proxy support, and local account storage. No unrelated cloud credentials or unrelated binaries are requested.

Instruction Scope
Status: note
SKILL.md instructs the agent to run plugin.py/runner.py (and lists pip deps). That runtime will execute the included Python code, which performs network calls to mihoyo/miyoushe endpoints, reads/writes local data files under data/ and log/, and may call a user-configured proxy. This is within the plugin's stated purpose, but it means the agent executes code (not just text processing).

Install Mechanism
Status: ok
No automated install spec (instruction-only), which is lower risk. SKILL.md lists pip dependencies (httpx, pycryptodome, qrcode) that the operator must install; that is reasonable and expected for this functionality.

Credentials
Status: concern
The skill does not request environment variables, but it handles highly sensitive secrets (cookies, stoken, phone numbers) and stores them unencrypted in data/accounts.json and related files. It can also fetch an external proxy IP from a user-supplied API_URL (data/proxy_config.json). Storing and reading these secrets is proportional to the feature but is a significant security/privacy concern; you must trust the skill before providing real credentials.

Persistence & Privilege
Status: note
always:false, and the skill does not claim to modify other skills. It persists state (data/ and log/) and includes runner.py for scheduled cron tasks that will act on all stored accounts. This is expected for automation but increases the blast radius if the code is malicious or is run on an untrusted host.