Skill v1.0.0

ClawScan security

Report Generator · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Mar 23, 2026, 4:00 AM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill's description matches a report generator, but its instructions reference missing scripts and connector docs and do not declare any credentials or configuration required to access POS/ERP or delivery channels — these inconsistencies warrant caution.
Guidance
Do not install blindly. Before using, ask the publisher for: (1) the missing data-connectors documentation and the actual scripts (scripts/generate_report.py) that the SKILL.md references; (2) a clear list of required credentials (POS/ERP API keys, WeCom/Telegram tokens) and guidance for storing them securely; (3) explanation of how scheduled delivery is implemented and who can change recipients. If those are not provided, treat the skill as non-functional and avoid giving it access to production credentials or sensitive data. Test in a sandbox with fake data and minimal delivery targets first.

Review Dimensions

Purpose & Capability
concern: The skill claims to pull POS/ERP data and deliver reports to channels (WeCom/Telegram). However, it declares no required environment variables, credentials, or config paths. A report generator legitimately needs connectors and auth for POS/ERP and delivery channels; those are not declared or provided.
Instruction Scope
concern: SKILL.md instructs the agent to run scripts (e.g., scripts/generate_report.py --period ...) and references a data-connectors.md file, but neither the scripts nor data-connectors.md appear in the package. It also refers to a runtime `report_config` (sources, delivery_channel, recipients) without specifying how that config is created or secured. These gaps mean the instructions assume external files/configs that are not present and give the agent broad, unspecified discretion about data sources and recipients.
Install Mechanism
ok: Instruction-only skill with no install spec and no bundled code reduces supply-chain risk. Nothing is downloaded or executed from external URLs by the skill package itself.
Credentials
concern: No environment variables or primary credential are declared, yet the skill requires access to POS/ERP APIs and delivery channels, which normally need API keys/tokens. The absence of declared secrets is disproportionate to the claimed functionality and leaves unclear where credentials must live and how they are protected.
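The two gaps the Instruction Scope and Credentials findings describe, files the instructions reference but the package does not ship, and credentials the instructions rely on that no manifest declares, are mechanical enough to check before installing. The following Python is an added example, not ClawHub's scanner and not the skill's own code; the SKILL.md text, the package file list, the declared-secrets set and the regexes are constructed assumptions that imitate what the review above reports.

```python
"""Pre-install consistency check for an instruction-only agent skill.

Added example (not ClawHub's scanner): cross-checks a SKILL.md against the
files actually shipped and the secrets the manifest declares, and flags the
two gaps the review describes: referenced files that are absent, and
credentials the instructions need but nothing declares.
"""
import re

# Constructed sample resembling the SKILL.md the review describes; the real
# skill's text is not on this page.
SAMPLE_SKILL_MD = """\
# Report Generator

Pull sales data from the POS/ERP connectors described in data-connectors.md,
then run:

    python scripts/generate_report.py --period weekly

Deliver the output to the recipients in `report_config` (WeCom or Telegram).
The WeCom webhook token and the POS API key come from the connector config.
"""

# Constructed sample: what the package actually contains, and what its
# manifest declares as required secrets (nothing, as in the review).
SAMPLE_PACKAGE_FILES = {"SKILL.md"}
SAMPLE_DECLARED_SECRETS: set[str] = set()

# Paths under scripts/ or bin/ with a script extension, e.g. scripts/x.py.
SCRIPT_RE = re.compile(r"(?<![\w./])((?:scripts|bin)/[\w./-]+?\.(?:py|sh|js))\b")
# Markdown documents referenced by name or path, e.g. data-connectors.md.
DOC_RE = re.compile(r"(?<![\w./-])([\w-]+(?:/[\w-]+)*\.md)\b")
# Words that signal a credential the agent would need at run time.
SECRET_HINT_RE = re.compile(r"\b(api[ _-]?keys?|tokens?|secrets?|passwords?)\b", re.I)


def referenced_files(skill_md: str) -> set[str]:
    """Every script or .md file the instructions tell the agent to use."""
    refs = set(SCRIPT_RE.findall(skill_md)) | set(DOC_RE.findall(skill_md))
    refs.discard("SKILL.md")  # the instructions file itself is not a dependency
    return refs


def missing_files(skill_md: str, package_files: set[str]) -> list[str]:
    """Referenced files that are not shipped in the package, sorted."""
    return sorted(referenced_files(skill_md) - set(package_files))


def credential_mentions(skill_md: str) -> list[str]:
    """Distinct credential words the instructions rely on, normalised to
    lower-case singular ('API keys' and 'api_key' both become 'api key')."""
    found = {
        re.sub(r"[ _-]", " ", m.lower()).rstrip("s")
        for m in SECRET_HINT_RE.findall(skill_md)
    }
    return sorted(found)


def assess(skill_md: str, package_files: set[str], declared_secrets: set[str]) -> dict:
    """Return the findings plus a coarse verdict: 'ok' when neither gap is
    present, 'suspicious' otherwise. This is a pre-install sanity check,
    not a substitute for reading the instructions."""
    flags = []
    missing = missing_files(skill_md, package_files)
    if missing:
        flags.append("instructions reference files not in the package: " + ", ".join(missing))
    mentions = credential_mentions(skill_md)
    if mentions and not declared_secrets:
        flags.append(
            "instructions need credentials (" + ", ".join(mentions)
            + ") but the manifest declares none"
        )
    return {
        "verdict": "suspicious" if flags else "ok",
        "missing_files": missing,
        "credential_mentions": mentions,
        "flags": flags,
    }


if __name__ == "__main__":
    result = assess(SAMPLE_SKILL_MD, SAMPLE_PACKAGE_FILES, SAMPLE_DECLARED_SECRETS)
    print("verdict:", result["verdict"])
    for flag in result["flags"]:
        print(" -", flag)
```

Run against a real package, replace the three SAMPLE_* values with the package's SKILL.md contents, its file listing and whatever secrets its manifest declares; a skill that passes this check can still be malicious, so it narrows the questions to ask the publisher rather than replacing the review.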
Persistence & Privilege
ok: `always` is false and the skill does not request persistent system changes. It does mention scheduled automatic delivery, but provides no mechanism for establishing schedules or persistent agents; that scheduling behavior is ambiguous but not a declared privilege escalation.