Skill v1.0.0
ClawScan security
aim-blog-write · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious (Apr 29, 2026, 2:05 AM)
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill generally implements an SEO-blog generator that contacts a fixed AEP service and writes a user-provided 'aim-secret-key' into a local .env, but there are inconsistencies and secret-handling instructions that warrant caution before installing.
- Guidance: before installing or using this skill:
  1) Confirm and trust the service endpoints (AEP_BASE_URL = http://aep.vemic.com/aim_mentaassistant_2024 and any registration URL). The SKILL.md/README and env_guard reference conflicting registration URLs (public https://tools.mentarc.cn vs internal http://192.168.25.10); ask the author to clarify which is intended.
  2) Avoid pasting any secret into chat history if your platform retains conversations; prefer a secure secret-input mechanism if one is available. If you must provide the aim-secret-key via chat, delete the message afterwards and consider rotating the key.
  3) Understand that the skill will write the secret into a .env file in the skill root and export it as AEP_CONSUMER_SECRET for HTTP requests; inspect that file and its permissions after creation.
  4) Be aware that the skill will fetch images from URLs returned by the backend (these may be internal addresses) and that it runs curl with --noproxy '*'. Run this skill in an isolated environment (or sandbox) if you do not want it to reach your internal network.
  5) Ask the publisher to update the registry metadata to declare the required credential (primaryEnv) and to resolve the inconsistent registration URL. If they cannot justify these, treat the skill with increased caution or avoid installing it.
Review Dimensions
- Purpose & Capability (note): The code and scripts align with the stated purpose (call an AEP /seo_agent endpoint, parse SSE, download images, render a .docx). Requiring a service secret stored in the skill-root .env is coherent for calling a private API. However, the registry metadata declares no required env or primary credential even though the skill mandates an aim-secret-key in .env (an undocumented credential). Also, README and SKILL.md point to a public tools.mentarc.cn registration page while env_guard prints a different, internal registration URL (http://192.168.25.10:30775/...), an inconsistency to clarify.
- Instruction Scope (concern): SKILL.md explicitly instructs the agent to ask the user to paste the aim-secret-key into the chat and then have the agent write that secret into the skill-root .env (the user must not edit the file themselves). That workflow exposes a sensitive secret via chat and gives the agent explicit instructions to persist it to disk. The scripts also force --noproxy '*' and note that image URLs may be internal (192.168.x.x), meaning the skill will access internal network resources directly from the agent environment. These behaviors are within the generation use case but broaden the data and surface the agent touches (chat-transmitted secrets, disk writes, internal network access).
- Install Mechanism (ok): There is no install spec (instruction-only installation) and no arbitrary downloads; all files ship with the skill. That is low risk from an install-mechanism perspective.
- Credentials (concern): The only secret the scripts use is aim-secret-key, stored in .env and exported as AEP_CONSUMER_SECRET for curl. That is proportionate for calling the described AEP service. However: (1) the skill metadata does not declare this required credential (no primaryEnv), which is an omission; (2) the workflow asks the user to paste the secret into chat (exposing it to conversation history) and instructs the agent to write it to disk, a potentially risky secret-handling pattern; (3) the skill hardcodes AEP_BASE_URL and an internal AIM_APPLY_URL, so the secret will be sent to those fixed endpoints (verify that you trust them).
- Persistence & Privilege (note): The skill does not set always:true and does not request elevated platform privileges. It does instruct the agent to write a .env file into the skill directory (persisting the secret locally), which is normal for a credential-backed tool, but be aware that the agent will be instructed to create or modify files in the skill directory.
