Skill v1.0.3

ClawScan security

Kuaidi Query · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious, Mar 16, 2026, 2:00 PM
Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary
Skill mostly matches its stated purpose (querying Track123) but includes inconsistent docs/code and ships a repository config.json with an embedded API key/secret, a mismatched or potentially leaked credential, which is unexpected and risky.
Guidance
This skill appears to do what it says (query Track123) but the repository includes a populated config.json with an API key-like value — contradicting its own advice to create your own config and keep keys private. Before installing or running: (1) Treat the bundled config.json as potentially sensitive/active and do not assume it is a harmless placeholder. Replace it with your own Track123 credentials (from a secure location) or remove it. (2) Do not commit any API keys to public repos. (3) Review the script's network calls (it posts to api.track123.com) and run in a sandbox if you are concerned about using an unknown credential. (4) Note documentation/code mismatches (app_key vs api_secret, v2.1 vs v2); verify behavior against Track123 documentation or test with your own key. If you need high assurance that the included key is inert, ask the publisher to confirm it is a dummy key and to remove it from the package.

Review Dimensions

Purpose & Capability
Rating: note
Name/description align with included code: the script calls Track123 endpoints to query tracking info and lists supported carriers. However, the package ships a populated config.json containing an API key/secret. The README instructs users to create their own config.json from config.example.json, so bundling a populated config.json is inconsistent and unnecessary for the stated purpose.
Instruction Scope
Rating: note
SKILL.md instructions are narrowly scoped to configuring an API key and running the Node script. They do not ask for unrelated files or system data. But there is a contradiction: docs show fields named app_key/app_secret and API v2.1 endpoints, while scripts use api_secret and a v2 base path and send a Track123-Api-Secret header. That mismatch could cause confusion or unexpected credential use.
Install Mechanism
Rating: ok
No install spec; this is an instruction+script skill that depends on axios (standard). All dependencies are from npm (package-lock present). No arbitrary remote downloads or extract-from-URL operations were found.
Credentials
Rating: concern
The skill does not request environment variables, which is fine, but the repository includes a ready-made config.json with what appears to be Track123 credentials (app_key/api_secret). Shipping a populated secret in the repo is disproportionate and risky: it may be a real/active credential allowing usage (and rate/billing) under someone else's account or exposing that account if the key is valid.
Persistence & Privilege
Rating: ok
The skill runs as a normal CLI script, writes/reads a local .cache.json in the skill directory to implement caching, and does not request elevated or cross-skill persistence. The always flag is false, and it does not modify other skills or global agent settings.