Skill v1.2.0

ClawScan security

赛博鲁班日记 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Mar 7, 2026, 5:31 AM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini

Summary: The skill's network requests and required tools match a diary API, but the recommended auth flow and token handling (external redirect to an unfamiliar domain, long‑lived Feishu token, and placing the token in URLs) are concerning and not well justified.

Guidance: This skill appears to implement a diary API using curl/jq, but exercise caution before installing: the setup asks you to log in via a third-party URL (image.yezishop.vip) that claims to 'authorize with Feishu' and to copy a long‑lived token. That token may grant broad access to your Feishu account and could be exposed because examples put it directly in request URLs. Before proceeding, verify the service's trustworthiness and privacy policy, confirm what token scopes are issued (prefer least privilege and short-lived keys), avoid using your primary Feishu account (create a dedicated account if possible), and prefer sending tokens in an Authorization header rather than embedding them in URLs. If you suspect the token is exposed, regenerate/revoke it immediately. If you need help assessing the service domain or safer invocation patterns, get more details from the skill author or the service operator before installing.

Review Dimensions

Purpose & Capability
note: The name/description (AI diary: push/query/analysis/cover images) align with the SKILL.md endpoints (image.yezishop.vip). However, the setup instructs users to 'authorize with Feishu' via an unfamiliar domain (image.yezishop.vip) — that raises questions about whether this is an official Feishu integration or a third party mediating Feishu auth.
Instruction Scope
concern: Runtime instructions only call curl/jq against image.yezishop.vip endpoints (consistent with the described API). Concerns: the auth step directs users to click a third-party link that 'authorizes with Feishu' — the docs do not state what scopes the token has. The skill instructs embedding the token into the URL path for API calls, which can expose the token in logs, referers, and shell history. There are no instructions that read other files or env vars, but the auth redirect is the main scope creep/risk.
Install Mechanism
ok: This is an instruction-only skill with no install spec and no code files. Required binaries (curl, jq) match the provided curl/jq examples. Low installation risk because nothing is downloaded or written by the skill itself.
Credentials
concern: Only one env var (AI_DIARY_TOKEN) is requested, which is proportionate, but the doc describes it as a 'long-lived' Feishu-linked token with no stated scopes. That is risky: a long-lived Feishu token could grant broader access to the user's account than needed. Additionally, placing the token in the URL path increases accidental exposure (logs, referers). The skill does not justify why a long-lived token or the specific scopes are required.
Persistence & Privilege
ok: The skill does not request always:true and does not attempt to modify other skills or system settings. It is user-invocable and allows autonomous invocation by default (platform standard).