Skill v1.0.0
ClawScan security
财税公众号小助手 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Mar 1, 2026, 6:55 AM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's functionality (generate finance articles + images) is generally coherent, but it embeds a hard-coded third-party API key and performs network downloads and file writes without declaring credentials — a disproportionate and unexplained footprint that warrants caution.
- Guidance: what to consider before installing:
  - The image script contains a hard-coded API key for an Unsplash-like API. That key is not declared as an environment variable — it may be a leaked/embedded credential. Do not assume it belongs to you: using the skill could bill or expose someone else's key. Ask the author to remove embedded keys and require an API key via an environment variable (e.g., UNSPLASH_KEY).
  - The skill will make outbound network requests (search/download images) and save files to an articles/images folder. If you install/run it, run it in a sandbox or a controlled directory and review where files are written.
  - If you plan to use the image feature, replace the embedded key with your own key stored in a secure env var and confirm API usage/attribution and billing rules (Unsplash rate limits/license).
  - The command definitions reference absolute Windows paths (E:\Claude Code\...) — verify those are adjusted for your environment before running to avoid executing unexpected binaries.
  - If you don't need image downloads, consider disabling or removing finance-image-generator.cjs before installation.
  - If you want to proceed, request that the author: (1) remove embedded secrets, (2) declare required env vars in skill metadata, and (3) document network endpoints and storage paths. If the author cannot or will not, treat the skill as higher risk and prefer not to install or run it untrusted.
Review Dimensions
- Purpose & Capability (note): Name/description match the included code: content generator and image generator for finance articles. Generating images via an image API is plausible for the stated purpose. However, the image generator contains a hard-coded API key and performs direct network calls and file writes even though the skill declares no credentials or environment variables — that mismatch is unexpected and should be explained/justified.
- Instruction Scope (concern): SKILL.md instructs the agent to run local node scripts and save articles/images to disk (articles/, ../articles/images). The included files implement network calls (Unsplash API) and create files. The instructions and code request and process user-uploaded data (Excel) in valuation guides. The scope does not ask to read unrelated system config, but it does perform network requests and persistent file writes, which go beyond simple 'text generation' and should be noted.
- Install Mechanism (ok): No install spec is provided (instruction + code included). No remote download/install URLs were used in the package itself. This is lower risk than arbitrary remote installations, but included executable scripts will run locally when invoked.
- Credentials (concern): The skill declares no required environment variables or credentials, but finance-image-generator.cjs contains a hard-coded API key (API_KEY = 'qekoFPuHK6YT6369...') used to call api.unsplash.com. That is a mismatch: either credentials should be declared and sourced from env vars, or the embedded key is a leaked/shared secret. This is a proportionality/credential-management concern and a potential privacy/billing risk.
- Persistence & Privilege (note): always is false and the skill does not request elevated platform privileges. However, the code writes files under an articles/images directory, which creates persistent data on disk. Autonomous invocation is allowed by default (disable-model-invocation: false) — combined with the embedded credential and network access this increases blast radius, but the skill does not modify other skills or system-wide settings.
