Skill v1.0.1
ClawScan security
德胧外网舆情采集工具 (external web public-opinion collection tool) · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Apr 20, 2026, 8:16 AM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's stated purpose (external web public-opinion collection and Feishu push) roughly matches its instructions, but it relies on external tools, hard-coded delivery targets, and installation steps that could access your SSH keys or download and execute binaries. The risks and requirements are not fully declared.
- Guidance: This skill appears to do what it says (web search + deeper scraping + Feishu push) but has gaps you should resolve before installing or scheduling it. Things to check or consider:
  1. Confirm which tools (miaoda-studio-cli, feishu_send_message, AutoCLI) are already trusted and installed in your agent environment; do not run the AutoCLI binary or build steps unless you have verified the release checksum and trust the repository.
  2. The instructions include git@github.com clones. Those use the host's SSH keys; avoid running those commands if you do not want to expose your SSH agent.
  3. The cron payload uses a hard-coded Feishu chat id; verify that the feishu_send_message tool is configured with the correct token and that sending to that group is intended and compliant with your data policies.
  4. Understand what data will be collected and pushed (it may include user-generated or sensitive content) and consider running the skill in an isolated sandbox or test account first.
  5. If you plan to use it, remove or parameterize hard-coded targets, require explicit credentials, and limit the agent's network and credential scope.
  If you want, I can list the exact commands in SKILL.md to audit or propose safer alternatives (e.g., require explicit env vars for the Feishu token, verify binary checksums, avoid SSH cloning).
Review Dimensions
- Purpose & Capability (note): The skill claims to perform web search + deep scraping + Feishu push, which matches the commands and scripts present (miaoda-studio-cli, AutoCLI, feishu_send_message). However, the skill declares no required env vars or binaries while invoking tools (miaoda-studio-cli, feishu_send_message, autocli) and a hard-coded Feishu group id. This mismatch between declared requirements and actual tool and target usage is a notable omission.
- Instruction Scope (concern): SKILL.md and the scripts instruct the agent to run web searches, optionally download and execute AutoCLI from GitHub Releases or build it from source, and send results to a specific Feishu group (oc_2dc8a...). It also contains a cron payload that schedules autonomous pushes. The instructions reference git@github.com (SSH), which would use the host's SSH keys if executed. These actions could send collected data to an external chat and perform network installs and builds, which is broader in scope than an instruction-only skill that declares no credentials.
- Install Mechanism (note): There is no formal install spec; instead SKILL.md gives manual install instructions, including a GitHub Releases tar.gz (https://github.com/nashsu/AutoCLI/releases/...) and building from source with cargo. GitHub Releases is a known host (lower risk than an arbitrary URL), but the skill instructs downloading and extracting or running binaries and building code on the host, which are operations that can execute arbitrary code. Because the install is manual, the risk is user-executed, but the instructions still warrant caution.
- Credentials (note): The skill requests no environment variables or credentials, yet it expects access to Feishu delivery (via feishu_send_message) and to external scraping tools. The lack of declared credentials is inconsistent: either platform-provided Feishu tooling is assumed, or the required tokens and keys are omitted. The use of git@github.com in the instructions implies reliance on SSH keys that are not mentioned in the requirements.
- Persistence & Privilege (note): The skill is not always-enabled and is user-invocable (normal). It includes a cron example that schedules daily autonomous pushes to a named Feishu group. Scheduling itself is in scope for this skill, but combining autonomous invocation with network scraping and an external push target increases the potential blast radius and should be reviewed before enabling.
