Skill v1.0.0
ClawScan security
必应搜索 (Bing Search) · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Mar 10, 2026, 2:19 AM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill mostly does what it says (search Bing and fetch pages), but it lets the agent fetch arbitrary URLs (including internal addresses) and has no safeguards against SSRF or sensitive-data retrieval, so exercise caution before enabling it.
- Guidance: This skill appears to implement Bing search and a web crawler as described, but it will fetch arbitrary HTTP/HTTPS URLs and return page content. Before installing:
  1. Be aware of the SSRF risk: the script can reach localhost and private IPs (there is no internal-host blocking).
  2. Do not pass untrusted or user-supplied URLs to its fetch command.
  3. If you need web search, prefer an official Bing API client (with proper auth and rate limits) over HTML scraping.
  4. If you still want to use it, sandbox its execution, add an allowlist of permitted hosts or a denylist of private IP ranges, and reject requests to internal or non-routable addresses and sensitive paths; apply that check to the addresses a hostname resolves to and to every redirect target, not only to IP literals written in the URL.
Review Dimensions
- Purpose & Capability (note): Name and description match the implementation: the code performs searches on cn.bing.com and can fetch webpage content. Minor mismatch: SKILL.md says it returns a total result count, but the code returns the number of parsed items (results.length) rather than Bing's reported total.
- Instruction Scope (concern): SKILL.md instructs the agent to invoke the included Node script to search or to fetch arbitrary URLs. The fetch function (crawlWebpage) accepts any http/https URL and will request and return the page content (up to 8000 characters). There is no check blocking requests to localhost, private IP ranges, intranet hosts, or file: URLs, which creates an SSRF and data-exfiltration risk. The only filtering is a small blacklist of social-media sites, which does nothing against internal-host access or sensitive endpoints.
- Install Mechanism (ok): No install spec; this is instruction plus script only and requires node to be present. Nothing is downloaded or written during install.
- Credentials (ok): The skill requests no environment variables or credentials. The code sets a User-Agent and a Cookie header on Bing queries (to influence search behavior), but it does not require or leak secrets.
- Persistence & Privilege (ok): The always flag is false, and the skill does not modify other skills' configurations or system-wide settings. It runs only when invoked.
