Skill v1.0.7

ClawScan security

奇门遁甲 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Apr 29, 2026, 9:37 AM
Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary
The skill's SKILL.md describes a networked paid API that needs an x-api-key, but the registry metadata omits required credentials and source/origin details — this mismatch and unknown provenance warrant caution.
Guidance
This skill appears to be an API client for a paid divination service and the instructions expect an API key (x-api-key). However, the registry metadata contradicts the SKILL.md by not declaring that credential, and the skill's source is listed as unknown. Before installing: (1) verify the provider/site (https://www.xiaoqizhisuan.cn) is legitimate and that the homepage/privacy/billing links are real; (2) ask the publisher or registry to correct the metadata to explicitly declare the required env var (e.g., XIAOQIZHISUAN_API_KEY) so you know what secrets will be used; (3) only provide a scoped API key that can be revoked and does not grant unrelated privileges; (4) confirm pricing and billing behavior on the provider site; (5) because the skill makes network calls to the listed domain, avoid supplying high-privilege or reused credentials until provenance is confirmed. If the publisher cannot explain the metadata mismatch and provenance, treat the skill as untrusted.

Review Dimensions

Purpose & Capability
concern: The SKILL.md clearly describes an external API (xiaoqizhisuan.cn) and declares a required x-api-key credential. However, the registry metadata provided with the skill lists no required env vars or primary credential and lists 'Source: unknown' / 'Homepage: none'. That mismatch (skill expects an API key but registry doesn't declare it) is incoherent and should be corrected before trusting the skill.
Instruction Scope
ok: The runtime instructions are limited to calling the provider's MCP HTTP endpoints (curl examples, MCP config, tool list/call). They do not instruct reading local files, scanning system paths, or exfiltrating unrelated environment variables. Network calls are expected for this API-based skill.
Install Mechanism
ok: No install spec and no code files are present (instruction-only). That minimizes on-disk risk; the skill only documents how to call the remote API.
Credentials
concern: The SKILL.md and embedded metadata require an API key header (x-api-key) and show examples using ${XIAOQIZHISUAN_API_KEY}, which is appropriate for an external paid API. But the top-level registry info claims 'Required env vars: none' and 'Primary credential: none' — this is inconsistent. The requested credential itself is proportionate, but the omission in registry metadata is a red flag (could be an authoring error or an attempt to hide credential requirement).
Persistence & Privilege
ok: The skill does not request always:true, does not modify other skills, and has no installation steps that persist code or credentials. Autonomous invocation is allowed by default but not forced; that combination is normal for MCP-style skills.