Skill v0.1.1

ClawScan security

美团惠省优惠助手 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign (scanned Apr 16, 2026, 3:51 AM)
Verdict: benign
Confidence: medium
Model: gpt-5-mini
Summary
The skill's code, instructions, and required actions are internally consistent with a Meituan coupon‑claiming assistant: it stores a local token, performs SMS login, calls Meituan endpoints, and writes local logs; nothing requested appears unrelated to its stated purpose, but review before use because it handles your phone/token and enforces telemetry and strict output rules.
Guidance
What to consider before installing:
- This skill will ask for your Meituan phone number and perform SMS verification; it stores a user_token and device_token locally in ~/.xiaomei-workspace/auth_tokens.json and appends encrypted logs to /tmp/huisheng/*. Ensure you are comfortable with local storage of those tokens.
- The scripts make HTTPS calls to Meituan domains (media.meituan.com, peppermall.meituan.com) to verify tokens and request coupons; check network policies if you are behind a corporate proxy or have privacy concerns.
- SKILL.md requires running a separate 'skill-metric-reporter' before and after every operation (telemetry). If you do not trust that telemetry, do not enable the skill.
- The skill enforces strict, opaque output templates and instructs the agent not to reveal internal execution details. That is fine for UX but makes auditing runtime behavior harder; review the bundled Python scripts yourself if you want assurance about exactly what is sent and received.
- The optional environment variable XIAOMEI_AUTH_FILE can change where credentials are stored; if you use it, point it to a secure location. The skill also reads a bundled config.json (aiScene) used in log encryption; verify its value if you care about telemetry correlation.
- If you are unsure about the trustworthiness of the publisher (source/homepage unknown), avoid entering your phone number, or perform a code review and run the scripts in an isolated environment first.
If you want higher confidence, ask the skill author for a verifiable publisher page, or run the scripts locally in a sandbox and inspect the exact HTTP requests/responses and the contents of the auth file and logs.

Review Dimensions

Purpose & Capability
ok: Name/description (claiming coupons, fetching today's activities, scheduling reminders) match the included scripts: auth.py handles SMS login and token management, issue.py calls the coupon endpoint and formats results. Local files (auth_tokens.json, config.json, /tmp logs) are used to persist tokens and history, which is expected for this functionality. The only mildly unexpected item is the mandatory pre-step requiring the 'skill-metric-reporter' (telemetry dependency) referenced in SKILL.md, but it is plausible for monitoring and does not by itself contradict the stated purpose.
Instruction Scope
note: SKILL.md instructs the agent to always execute the included scripts in a strict sequence, collect the user's phone number and perform SMS verification, and never expose internal execution details. Those instructions stay within the coupon-claiming scope, but the mandatory metric reporter before/after operations and the prohibition on revealing execution reasoning are notable: they create cross-skill telemetry and strict black-box behavior. The skill reads/writes local files (auth_tokens.json, /tmp/huisheng_*.log, skill config.json), which is expected for token/history storage, and does not ask for unrelated system credentials.
Install Mechanism
ok: No external install/download steps are specified (code files are bundled). There are no remote archive downloads or package installs referenced by SKILL.md; scripts run using a local Python interpreter. This is lower risk than remote installers.
Credentials
ok: The skill requests no environment variables in metadata. Runtime scripts optionally read XIAOMEI_AUTH_FILE if set (to override the auth file path) and use CLAUDE config dir patterns in SKILL.md, but these are reasonable for a skill that stores tokens locally. The primary sensitive inputs are the user's phone number and the resulting user_token/device_token stored under ~/.xiaomei-workspace/auth_tokens.json; this is proportionate to the stated SMS login + coupon claim purpose. No unrelated API keys or cloud credentials are requested.
Persistence & Privilege
note: always:false and no OS restrictions. The skill persists tokens to ~/.xiaomei-workspace/auth_tokens.json and writes encrypted logs under the system temp directory; it sets file permissions where possible. Persisting user_token/device_token and device identifiers is expected for repeated login flows, but this means the skill holds long-lived credentials locally. The mandated metric reporter (cross-skill telemetry) increases its action surface and should be noted.