Skill v1.4.0
ClawScan security
Guanrentang Writer · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Mar 29, 2026, 3:52 PM
- Verdict
- suspicious
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- Skill claims no required credentials or binaries, but its runtime instructions clearly require an external API key (ZHIPU_API_KEY) and assume command-line tools (curl, jq) and file access — these mismatches and assumptions warrant caution.
- Guidance
- Key things to consider before installing/using this skill:
  - Metadata mismatch: the skill metadata declares no env vars or required binaries, but SKILL.md clearly needs ZHIPU_API_KEY and uses curl/jq — ask the author to update metadata.
  - API key handling: do NOT store the API key in a global shell RC if you want to limit exposure; prefer a skill-local .env file with restrictive file permissions (chmod 600). Treat the key as sensitive because article text/prompts will be sent to the external service.
  - External endpoint: the skill calls https://open.bigmodel.cn. Verify you trust that service and understand any data-processing/privacy terms (user content and prompts will be transmitted).
  - Local file access: the skill will create directories and copy assets from ~/.claude/skills/guanrentang-writer and will write articles/images to paths you specify — review those files and paths, and avoid pointing OUTPUT_DIR to sensitive locations.
  - Required tooling: ensure curl and jq (and a POSIX shell) exist where the agent runs; otherwise the runtime commands in SKILL.md will fail.
  - Least privilege: if you decide to use it, prefer putting the API key in a skill-local .env (not in ~/.zshrc), inspect any assets placed under the skill_dir, and test with non-sensitive content to observe what is sent to the API and what is stored locally.
  - Ask the publisher for: source code or homepage, explicit list of required env vars/binaries in metadata, and a sample run log showing the exact requests sent to the image API so you can verify no unexpected endpoints or extra data are transmitted.
Review Dimensions
- Purpose & Capability
- note: The described purpose (generate WeChat articles + images) aligns with calling an image/text model API and writing files. However the published metadata lists no required environment variables or binaries while the runtime doc explicitly requires ZHIPU_API_KEY, a skill_dir with assets, and the ability to write to user-selected output paths — the functional needs are reasonable but the metadata is inconsistent.
- Instruction Scope
- concern: SKILL.md tells the agent to create directories, copy assets from ~/.claude/skills/guanrentang-writer, save article files, parse markdown, generate prompts from article content and POST them to an external API (open.bigmodel.cn). This involves reading/writing local files (including user-specified paths) and transmitting article text and generated prompts to a third-party endpoint — more scope than a purely text-only helper. Instructions also assume availability of shell utilities and jq.
- Install Mechanism
- ok: There is no install spec and no downloaded code, so nothing is written to disk by an installer. That minimizes install-time risk. However the runtime assumes network access to open.bigmodel.cn and CLI tools (curl, jq) which are not declared in metadata.
- Credentials
- concern: Although registry metadata lists no required env vars, SKILL.md requires ZHIPU_API_KEY (智谱 API Key) and provides instructions to put it in shell rc or a .env under the skill_dir. Requesting a single API key for the image service is proportional to the stated functionality — but the omission from metadata and the instruction to store the key globally (e.g., in ~/.zshrc) are noteworthy mismatches and privacy/secret-management concerns.
- Persistence & Privilege
- ok: always:false and no system-level persistent installation are set. The skill writes files to user-selected output directories and copies assets from its skill_dir — these are expected for a content generator and do not indicate elevated platform privileges.
