Skill v1.0.0

ClawScan security

Volcengine Compute Ecs · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Feb 11, 2026, 9:45 AM
Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary
The skill's instructions are narrowly scoped and safe-looking, but it claims cloud-control functionality while declaring no authentication, endpoints, or provenance — that mismatch is suspicious and should be clarified before use.
Guidance
This skill's surface looks safe but incomplete. Before installing, ask the publisher to explain how it authenticates to Volcengine (which env vars, platform connector, or credential store), provide a source or homepage for provenance, and list the exact API/CLI calls it will make and any endpoints it contacts. If you proceed without that information, treat it as untrusted: run in a restricted environment, do not give platform-wide credentials, and require explicit confirmation before any mutating operations. If your platform already supplies a vetted Volcengine connector, verify that connector's name and permissions match what this skill expects.

Review Dimensions

Purpose & Capability
concern: The skill claims to manage Volcengine ECS (inventory, lifecycle, troubleshooting) but the package declares no authentication method, no required credentials, and no homepage/source. Real ECS operations require API keys/credentials or an explicit platform connector; the absence of any declared credential or explanation is inconsistent with the stated purpose.
Instruction Scope
note: SKILL.md is concise and stays within a limited, safe scope (confirm region, prefer read-only, require explicit target IDs). It does not instruct reading unrelated files or exfiltrating data. However, it also omits any concrete commands, API endpoints, or authentication steps — leaving essential behavior unspecified.
Install Mechanism
ok: No install spec and no code files — instruction-only. This minimizes risk from arbitrary downloads or disk modifications.
Credentials
concern: No required environment variables or primary credential are declared despite the skill's need to operate on cloud resources. Either the skill expects a platform-provided Volcengine connector (not documented here) or it omits required credentials — both are problematic from a trust/provenance perspective.
Persistence & Privilege
ok: always:false and no install actions; the skill does not request persistent elevated privileges or modifications to other skills' configs.