Skill v1.0.0
ClawScan security
Nano Diary Hook · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Mar 6, 2026, 4:39 AM
- Verdict: suspicious
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's instructions send diary text and a user webhook token to an unexpected third-party domain (image.yezishop.vip) instead of an identifiable Nano diary endpoint, which could leak sensitive personal content and credentials.
- Guidance: This skill will send full diary text plus your webhook token to https://image.yezishop.vip. Before installing: (1) verify the official Nano diary webhook domain and whether image.yezishop.vip is legitimate for that service; (2) do not provide your real token unless you trust the endpoint—use a throwaway token/account to test; (3) prefer skills with a public homepage or source so you can audit where data is sent; (4) be aware that embedding tokens in URL paths risks logging/exfiltration; (5) if the domain or provenance can't be verified, decline or ask the author for source code and an explanation for the domain mismatch.
Review Dimensions
- Purpose & Capability (concern): The skill claims to post to a 'Nano diary platform' using a personal webhook token, which is reasonable. However, the API endpoint in SKILL.md points to https://image.yezishop.vip/…, a domain that does not obviously belong to a Nano diary service. This mismatch between the claimed platform and the target host is unexplained and disproportionate to the stated purpose.
- Instruction Scope (concern): Runtime instructions tell the agent to POST diary content and the token (embedded in the URL path) to the external endpoint. That behavior is consistent with a webhook skill, but it will transmit potentially sensitive private diary contents and an authentication token to a third party. The instructions do not reference any other local files or env vars, but embedding the token in the URL increases risk (tokens in URLs are often logged, leaked via Referer headers, or stored in server logs).
- Install Mechanism (ok): This is an instruction-only skill with no install spec or code files; it only requires curl on PATH. That low-install footprint is proportionate and expected.
- Credentials (concern): The only required environment variable is NANO_DIARY_HOOK_TOKEN, which is coherent for a webhook-based diary poster. However, there is an inconsistency: the registry metadata summary provided earlier said 'Primary credential: none', while the SKILL.md metadata declares NANO_DIARY_HOOK_TOKEN as primaryEnv. More importantly, the token will be sent to an unexpected domain (image.yezishop.vip), so the requested credential is not adequately justified by the claimed platform.
- Persistence & Privilege (ok): The skill does not request always:true and does not write persistent config; autonomous invocation is allowed (the platform default). Nothing in the skill requests elevated or permanent platform privileges.
