Skill v1.0.0

ClawScan security

Moji Vocab · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Mar 5, 2026, 7:49 AM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary
The skill largely implements the advertised Moji dictionary management and quiz features, but there are several mismatches between the manifest/instructions and the actual code (missing script references, undeclared required env vars, and an advertised automatic scheduler that does not exist).
Guidance
Before using/installing:
1) The scripts require MOJI_TOKEN and MOJI_DEVICE_ID (session credentials) despite the registry saying none — these are sensitive and grant read/delete access to your Moji account; only provide them if you trust the source.
2) SKILL.md mentions an automatic daily send and a scripts/moji_early_quiz.py file that are not present; the code does not implement scheduling — do not assume automated behavior exists.
3) The README asks to install requests, but the code uses urllib (requests is unused) — dependency declaration is sloppy.
4) Prefer running the scripts locally and in dry-run mode (delete operations support dry_run) and verify API calls (inspect network traffic) before giving the token to any automated agent.
5) If you need scheduling/automation, set up your own scheduler (cron/task scheduler) rather than trusting an unverified skill to run autonomously.
6) If uncertain about origin, avoid using real account credentials — consider a secondary Moji account to test.

Review Dimensions

Purpose & Capability
note: The code (moji_manager.py and moji_quiz.py) implements fetching, listing, deleting vocabulary and generating quizzes against api.mojidict.com, which matches the stated purpose. However, SKILL.md references a script (scripts/moji_early_quiz.py) that is not present, and advertises an automatic daily 9:00 send which is not implemented in the code — these are mismatches between claimed capabilities and actual implementation.
Instruction Scope
note: Runtime instructions ask the user to extract sessionToken and deviceId from the browser localStorage and set MOJI_TOKEN / MOJI_DEVICE_ID environment variables. The code uses only those credentials and makes HTTP requests to mojidict endpoints. The instructions do not ask the agent to read unrelated files or secrets, but they do promise automated daily sending and a missing script, granting broader implied behavior than the code actually performs.
Install Mechanism
ok: No install spec (instruction-only with included scripts) — lowest risk for arbitrary installs. SKILL.md suggests pip install requests, but the provided scripts use urllib (requests is not imported), so the declared dependency is unnecessary.
Credentials
concern: Registry metadata lists no required env vars, yet both scripts require MOJI_TOKEN and MOJI_DEVICE_ID (or --token/--device-id args). Asking for a service session token and device id is proportionate for managing an account, but the manifest omission is an inconsistency. Note: these values are essentially account session credentials and would permit the skill to read and delete items from the user's Moji account — treat them as sensitive.
Persistence & Privilege
ok: Skill does not request persistent/autostart privileges (always:false) and does not modify system or other skills. There is no code that installs background scheduling or registers the skill to run autonomously; SKILL.md's 'daily 9:00 automatic send' is a claim only.