Skill v1.1.0
ClawScan security
小红书爆款文案生成(她势自游版) (a Xiaohongshu viral-post copy generator) · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Apr 9, 2026, 10:01 AM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's stated purpose (generate Xiaohongshu copy, publishing schedules, and covers) matches its instructions, but the instructions embed explicit Feishu folder, app_token and table_id values and direct the agent to delete remote records before writing, while declaring no credentials and not explaining how that access is obtained. The mismatch is suspicious and deserves caution.
- Guidance: This skill appears to do what it says (generate copy, schedules, and image covers), but it hard-codes Feishu folder tokens and app_token/table_id pairs in its instructions and tells the agent to delete conflicting records automatically before each write. Before installing or running it:
  1. Confirm who owns the tables behind the embedded app_token/table_id values and whether they are still valid. These values identify a Bitable base and a table rather than authenticating to it, so the risk is not that the skill carries a secret but that, once it runs with your Feishu credentials, it will write to and delete from tables whose owner you have not verified.
  2. Make sure you have explicitly authorized every write and deletion against your Feishu tables; as written, the skill deletes conflicting rows without asking.
  3. Ask the publisher to remove the hard-coded identifiers and instead require you to supply both the credentials and the target table explicitly (or to document the exact access model).
  4. If you cannot verify who owns the referenced tables, treat the skill as untrusted and do not allow it to perform writes against your account.
  For a safer setup, request that the skill be modified to take credentials from environment variables, show a preview of pending changes before performing any delete, and document the external tools (e.g. image_generate) it will call.
Review Dimensions
- Purpose & Capability (note): The name and description (copy generation, schedule tables, hotspot analysis, cover generation) align with the SKILL.md workflow: read project resources, generate copy, create covers, and write to a Feishu multi-dimensional (Bitable) table. However, the skill needs programmatic access to Feishu resources (project folder tokens and app_token/table_id pairs) yet declares no required credentials or environment variables, and some of those identifiers are hard-coded in the instructions themselves, which is unusual and worth flagging.
- Instruction Scope (concern): The runtime instructions direct the agent to locate specific project folders by ID, read generator files, keywords and product docs, run forbidden-word checks, generate copy and 4-up covers, then batch-write to Feishu multi-dimensional tables. Crucially, they mandate querying the table for conflicts and deleting conflicting records before writing, destructive behavior performed without confirmation. The instructions also reference saving generated images to /tmp and calling an image_generate tool. All of this stays within the skill's stated domain, but automatic deletion of remote records combined with embedded identifiers raises the risk and calls for explicit user authorization.
- Install Mechanism (ok): Instruction-only skill with no install steps and no code artifacts to run on the host, which reduces filesystem and install risk. The skill itself requires no external download or binaries.
- Credentials (concern): The SKILL.md includes explicit app_token and table_id values and folder IDs but declares no required environment variables or credentials. In the Feishu Open API these are resource identifiers (a Bitable base, a table within it, a Drive folder), not authentication secrets, so embedding them does not leak a key; it does mean the skill will perform writes and deletes against fixed remote tables using whatever Feishu credentials the agent already holds, with no statement of what those credentials are or who owns the targets. Silent reliance on ambient credentials for destructive operations is a proportionality and clarity problem.
- Persistence & Privilege (ok): `always: false`, and no install or self-modifying behavior. The skill does not request permanent system presence, nor does it attempt to alter other skills or global agent settings. Autonomous invocation is allowed (platform default) but is not combined with other elevating flags.
