Skill v1.0.0

ClawScan security

Umeng Stats · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Apr 16, 2026, 9:49 AM
Verdict
suspicious
Confidence
high
Model
gpt-5-mini
Summary
The skill mostly does what it says (queries Umeng) but contains hard-coded credentials and a hard-coded user-specific config path that conflict with the SKILL.md — those mismatches are suspicious and warrant caution before installing.
Guidance
This skill appears to implement legitimate Umeng API calls, but there are red flags you should consider before installing:
1) The repository includes plaintext Umeng credentials (apiKey and apiSecurity) in config.json — treat those as sensitive and do NOT assume they are safe to reuse. If these are real credentials, they should be rotated and removed.
2) The Python script uses an absolute, user-specific CONFIG_PATH (/Users/zhangjing/...) that differs from the SKILL.md's workspace-relative path. That means the script may read a file from a specific home directory rather than the skill's workspace; this is a concrete risk (it may access files outside the expected directory) and a packaging bug.
3) The project source is 'unknown' with no homepage or publisher info — exercise extra caution with credentials and provenance.
Recommendations:
- Do not install blindly. Inspect and (ideally) run the code in an isolated environment (sandbox/container).
- Remove or replace the embedded credentials: move apiKey/apiSecurity into secure environment variables or a workspace-protected config and update the script to read the workspace-relative path (or honor SKILL.md).
- If you are the owner of the listed Umeng accounts, rotate the apiSecurity if you suspect it was leaked.
- If you need this skill, request a version from a trusted source or modify the script to use a configurable path and environment-backed secrets before enabling it.
- Absence of scanner warnings does not imply safety; the path/credentials issues are visible in the files and are the key concerns.

Review Dimensions

Purpose & Capability
note
Name/description match the included code and config: the script calls Umeng gateway endpoints and the config.json contains an apiKey/apiSecurity and app IDs. Those credentials and app keys are consistent with Umeng querying functionality. However, bundling plaintext apiSecurity in the repo instead of using declared environment credentials is unusual and increases exposure risk.
Instruction Scope
concern
SKILL.md instructs resolving the config under ~/.openclaw/workspace/skills/umeng-crash-stats/config.json (relative path), but the Python script uses a hard-coded absolute CONFIG_PATH: '/Users/zhangjing/.openclaw/workspace/skills/umeng-crash-stats/config.json'. This mismatch is a scope creep/risk: the code will read a specific user's home path rather than a workspace-relative path, which can cause it to access files outside the skill's intended directory on the host or fail unpredictably. The runtime instructions do not require or mention any unrelated file reads, but the code's hard-coded path does.
Install Mechanism
ok
No install spec; the skill is instruction-only with a bundled script and config. There are no downloads or external installers. This minimizes install-time risk because nothing is fetched or written by an installer step.
Credentials
note
No environment variables are required; instead, the repo contains apiKey and apiSecurity in config.json. Those are the credentials needed to call Umeng and are therefore proportional to the purpose — but embedding secrets in a distributed config file is poor practice and increases secret exposure. Also, the config contains many app IDs, which is expected for an analytics tool.
Persistence & Privilege
ok
The skill does not request 'always: true' and does not modify other skill configs. It runs on demand and performs network calls to the Umeng gateway only. There is no evidence of persistent privileged behavior beyond reading the hard-coded config file.