Skillv1.0.3

ClawScan security

Huifu DouGong HostingPay Cashier Refund · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

BenignApr 14, 2026, 10:27 AM

Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary: This skill is documentation for Huifu's hosted-cashier refund APIs and its required credentials and configuration are proportionate to that purpose.
Guidance: This skill is a documentation-only adapter for Huifu refund APIs and looks internally coherent. Before installing: (1) Verify you trust the source and the homepage (https://paas.huifu.com). (2) Keep the RSA private key in a secure secret store—do not paste it into chat or unsecured files. (3) Confirm how your platform maps the listed config paths (HUIFU_*) to environment/secret storage and check the referenced base skill (huifu-dougong-hostingpay-base) because SDK initialization and signing live there. (4) Note a small metadata mismatch: SKILL.md shows version 1.1.0 while registry metadata lists 1.0.3—confirm you have the intended version. (5) If you allow autonomous invocation of skills in your agents, be mindful that this skill would be able to initiate refund-related actions using any credentials you supply; restrict credentials and permissions (e.g., use a test account or limited-scope keys) when possible.

Review Dimensions

Purpose & Capability: okName/description (refund + refund-query for Huifu 收银台托管交易) match the files and declared requirements. The listed config items (product_id/sys_id, RSA key pair, notify URL) are expected for signing requests and receiving async notifications from a payment provider.
Instruction Scope: okSKILL.md and reference files are implementation documentation and Java SDK examples; they do not instruct the agent to read unrelated system files or to exfiltrate data. The skill repeatedly delegates SDK init to the base skill and points to signing/async docs; scope stays within refund/query functionality.
Install Mechanism: okInstruction-only skill with no install spec and no code files — nothing is downloaded or written to disk by the skill itself, which is the lowest-risk install model.
Credentials: noteThe skill requires access to sensitive config entries (HUIFU_PRODUCT_ID, HUIFU_SYS_ID, HUIFU_RSA_PRIVATE_KEY, HUIFU_RSA_PUBLIC_KEY, HUIFU_REFUND_NOTIFY_URL). Those are expected and proportionate for a payment integration (signing and notify URL), but they are high-value secrets (especially the private key) and should be stored and provisioned securely. The skill does not declare a single primaryEnv variable; config is expressed as required config paths — this is consistent but worth confirming with the base skill's credential boundary docs.
Persistence & Privilege: okalways:false and user-invocable are set; the skill does not request permanent/always-on privilege. There is no evidence it modifies other skills or system-wide settings.