Skill v1.0.0

ClawScan security

guoguo · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Review: Apr 17, 2026, 2:05 PM
Verdict: Review
Confidence: medium
Model: gpt-5-mini
Summary
The skill's stated purpose (creating shipping orders via an MCP tool) is plausible, but the runtime instructions reference a setup script and modifications to MCP/Qoder configuration that are not provided in the bundle and could modify agent-wide config; this mismatch and the script requirement warrant caution.
Guidance
This skill appears to be an instruction-only connector for an internal MCP-based shipping service, but the runtime doc expects you to run a setup-mcp.sh that is not included. Before installing or running:

(1) Ask the publisher/source for the missing setup script and a human-readable explanation of exactly what it changes; do not run any setup script you cannot inspect.
(2) If you obtain setup-mcp.sh, review its contents to confirm it only adds the guoguo_send_server entry and does not execute arbitrary commands or exfiltrate data.
(3) Confirm where collected PII (phone numbers, full addresses) will be sent, logged, or stored and ensure GDPR/privacy policy compliance.
(4) Prefer a published/homepage source or official registry entry; lack of origin lowers trust.
(5) If possible, test in an isolated/sandboxed environment or ask for a version that only demonstrates the MCP call without modifying global config.

If you cannot verify the setup script and config changes, do not run this skill in production.

Review Dimensions

Purpose & Capability
concern: The skill's name/description match the instructions to call an MCP 'guoguo_send_server' tool to create shipping orders (coherent). However the SKILL.md requires running a local setup script (bash <Base directory>/setup-mcp.sh) to auto-configure MCP; the skill package contains no such script or install artifacts. Asking to modify MCP configuration without bundling or linking the script is inconsistent and unexplained.
Instruction Scope
concern: Instructions explicitly require running a setup script that auto-detects and edits Qoder MCP configuration and then calling internal MCP tools. Editing agent/connection config and requiring that step on every invocation expands scope beyond simple API calls. The skill also collects personal data (phone numbers, full addresses, timestamps) which is necessary for shipping but is sensitive — the instructions do not state storage/retention or any privacy handling.
Install Mechanism
concern: There is no install spec and no code files in the bundle, yet the runtime doc directs execution of a local setup-mcp.sh script residing in the skill's Base directory. Because that script is not present in the provided package, the behavior is ambiguous: either the platform supplies it (not documented) or the skill expects users to provide/allow execution of an external script. That mismatch is a red flag.
Credentials
note: The skill requests no environment variables or credentials, which is proportionate for calling an internal MCP tool. However it requires editing MCP/Qoder configuration (which may touch credentials or tool registrations) and collects sensitive PII for orders; lack of clarity about where that PII is sent/stored and what configs are modified reduces proportionality.
Persistence & Privilege
concern: always:false and normal model invocation are fine. But the setup step explicitly modifies MCP/Qoder connection configuration (potentially affecting agent-wide tool lists). A skill that programmatically alters other skills' tool registrations or global MCP config should be treated cautiously; the doc does not limit changes to the skill's own config nor provide a safe rollback path.