Skill v1.1.4

ClawScan security

xinyi-drink · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Apr 28, 2026, 11:45 AM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's code, runtime instructions, install script, and network use are coherent with a coffee/tea recommendation and activity-claiming skill; nothing required or installed is out of proportion to that purpose.
Guidance
This skill appears to do what it says: recommend drinks, query stores, and let users claim a brand 'Skill' reward. Before installing or sending your phone number, consider: (1) The skill will send any phone number you provide to its backend (default: https://ai.xinyicoffee.com/api). If you don't trust that endpoint, set XINYI_API_BASE_URL to a trusted backend or avoid providing your number. (2) The skill stores a small local state file (~/.xinyi-drink/state.json) containing mobile/activityJoined/updatedAt (mode 0600 when supported); you can clear it with the provided --clear-mobile option. (3) The installer copies files into your user-level skills directory but does no remote downloading. If you want extra assurance, inspect the repository on GitHub (homepage provided) before installing or run the installer in dry-run mode (install.sh --dry-run).

Review Dimensions

Purpose & Capability
ok
Name/description (drink recommendations, stores, activity claims) align with the included scripts (recommend_drink.py, fetch_stores.py, claim_reward.py). Declared network endpoints and local state for a mobile number are consistent with the stated features (activity claiming and personalized recommendations).
Instruction Scope
ok
SKILL.md instructs asking for a user phone number only for activity/claim flows and to avoid using cached phone numbers for ordinary recommendations; the scripts implement exactly those flows (POST to /skill/xinyi/claim, GET /skill/xinyi/context, GET /skill/xinyi/stores). There is no instruction or code that reads unrelated system files or secrets.
Install Mechanism
ok
install.sh is a local install script that copies the skill into a user-level skills directory (backs up existing copy) and performs no network downloads or code execution from remote URLs. This is a low-risk, local install mechanism.
Credentials
note
The skill requests no credentials; optional env vars (XINYI_API_BASE_URL, XINYI_TIMEOUT_SECONDS, XINYI_DRINK_STATE_FILE) are reasonable. Important privacy note: the skill stores an optional phone number locally (~/.xinyi-drink/state.json) and will send a provided phone number to its configured backend (default https://ai.xinyicoffee.com/api) for claim and personalization — this is expected but is sensitive PII and worth user attention.
Persistence & Privilege
ok
always:false and scripts do not request elevated privileges. The skill writes only its own local state file and installs into user skill directories; it does not modify other skills or system-wide configuration.