Skill v1.0.0

ClawScan security

Ecom Intel · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Apr 29, 2026, 6:48 PM
Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary
The skill's description claims broad data-collection and integration capabilities (competitor tracking, price monitoring, review analysis) but the runtime instructions and manifest are vague and omit expected dependencies, credentials, and concrete data sources, which is inconsistent and warrants caution.
Guidance
This skill reads like a product spec rather than an implementation: it promises marketplace scraping, aggregated analytics, alerts, and PDF reports but provides no integration details, credentials, or concrete runtime steps. Before installing or enabling autonomous use:

1) Ask the author for a dependency list and the exact integrations/endpoints used (which APIs, whether scraping is performed, which notification channels).
2) Confirm which credentials (API keys, notification webhooks) the skill requires and why; do not supply unrelated secrets.
3) If the agent will run autonomously, restrict its network access or run it in a sandbox until you have verified its behavior.
4) Request a clear privacy/data-handling statement: what user data (product lists, customer reviews) is sent where, and how long it is stored.
5) Test in a controlled environment and verify outputs and any outbound network activity before using it with real production data.

These gaps are more likely due to missing implementation details than to explicit malice, but they create opportunities for unintended data access or unexpected network activity.
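The core of the verdict above is a capability/manifest mismatch: the SKILL.md body claims marketplace access, notifications and report generation while the manifest declares no dependencies or environment variables. The following script is an added example (not ClawHub's scanner or the skill's own code) of how a reviewer can automate that check before step 1 of the guidance. The frontmatter keys `requires_env` and `dependencies`, the keyword lists, and both sample SKILL.md documents are assumptions constructed for the example; adapt the keys to whatever the real manifest format uses.

```python
import re

# Capability claims a reviewer would expect to see backed by a declared
# dependency or credential. Keyword sets are an assumption for the example.
CAPABILITY_SIGNALS = {
    "marketplace data": re.compile(
        r"\b(amazon|ebay|walmart|bestbuy|scrap\w*|price tracking|price monitor\w*)\b", re.I),
    "notifications": re.compile(r"\b(notif\w*|alert\w*|webhook\w*|slack|email)\b", re.I),
    "report generation": re.compile(r"\b(pdf|report\w*)\b", re.I),
}

# Constructed SKILL.md reproducing the mismatch described in the verdict:
# broad claims in the body, empty declarations in the frontmatter.
SAMPLE_SKILL_MD = """---
name: ecom-intel
version: 1.0.0
requires_env: []
dependencies: []
---
# Ecom Intel
Tracks competitor prices on Amazon, eBay, Walmart and BestBuy, analyzes reviews,
sends real-time alerts and produces weekly PDF reports. Inherits integrations from
competitor-analysis, price-tracker and review-analyzer.
"""

# Same body, but with the credentials and skill dependencies actually declared.
GOOD_SKILL_MD = (
    SAMPLE_SKILL_MD
    .replace("requires_env: []", "requires_env: [EBAY_API_KEY, SLACK_WEBHOOK_URL]")
    .replace("dependencies: []", "dependencies: [price-tracker, review-analyzer]")
)


def parse_skill_md(text):
    """Split '---' delimited frontmatter from the Markdown body.

    Only flat 'key: value' lines are parsed (a small subset of YAML) so the
    example needs no third-party parser.
    """
    m = re.match(r"^---\n(.*?)\n---\n(.*)$", text, re.S)
    if not m:
        return {}, text
    meta = {}
    for line in m.group(1).splitlines():
        if ":" in line:
            key, value = line.split(":", 1)
            meta[key.strip()] = value.strip()
    return meta, m.group(2)


def _declared(meta, key):
    """Return the items of a '[a, b]' style list value, or [] if absent/empty."""
    raw = meta.get(key, "[]").strip("[] ")
    return [item.strip() for item in raw.split(",") if item.strip()]


def review(text):
    """Flag capability claims in the body that the manifest does not back."""
    meta, body = parse_skill_md(text)
    env = _declared(meta, "requires_env")
    deps = _declared(meta, "dependencies")
    claimed = [cap for cap, rx in CAPABILITY_SIGNALS.items() if rx.search(body)]

    findings = []
    if claimed and not env and not deps:
        findings.append(
            f"claims {', '.join(claimed)} but declares no env vars or dependencies")
    # 'inherit' language with no named dependency is exactly the vagueness
    # the Purpose & Capability dimension calls out.
    if re.search(r"\binherit\w*\b", body, re.I) and not deps:
        findings.append("uses 'inherit' language without naming the skills it inherits from")

    return {
        "verdict": "suspicious" if findings else "ok",
        "claimed": claimed,
        "env": env,
        "dependencies": deps,
        "findings": findings,
    }


if __name__ == "__main__":
    for label, doc in (("undeclared", SAMPLE_SKILL_MD), ("declared", GOOD_SKILL_MD)):
        result = review(doc)
        print(label, result["verdict"], result["findings"])
```

The check is deliberately coarse: it does not prove the skill is safe when it passes, only that the author has at least named the credentials and skills the claimed behaviour would need, which is what steps 1 and 2 of the guidance ask a reviewer to confirm manually.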

Review Dimensions

Purpose & Capability
concern · The SKILL.md claims integration with competitor-analysis, price-tracker, and review-analyzer capabilities and access to Amazon/eBay/Walmart/BestBuy data and notifications, but the manifest declares no dependencies, no required environment variables, and no config paths. Realizing these capabilities normally requires API keys, scraping logic, or explicit integrations; the skill provides none and instead uses vague 'inherit' language. This mismatch suggests missing or omitted implementation details.
Instruction Scope
concern · The SKILL.md is high-level and prescriptive about outputs and commands the user might issue, but contains no concrete runtime instructions (no endpoints, no CLI commands, no sample API calls). It grants the agent broad discretion to 'monitor', 'analyze', and 'notify' without specifying how to collect data or which external endpoints/channels are allowed. This open-ended instruction scope could cause the agent to take uncontrolled network actions if invoked.
Install Mechanism
ok · There is no install spec (instruction-only skill) and the only code file is a harmless test shell script that prints expected behaviors. No downloads, package installs, or archive extraction are present, so installation risk is low.
Credentials
note · The skill requests no environment variables or credentials. While this reduces immediate credential-exposure risk, it is atypical given the declared capabilities (accessing marketplace data, sending notifications, producing PDFs). Either the skill expects to reuse other skills' credentials that are not declared, or it relies on web scraping without API keys; both are notable omissions. The lack of declared notification endpoints or storage paths is also inconsistent with the advertised 'real-time alerts / automatic notifications' features.
Persistence & Privilege
ok · The skill does not request always:true and makes no claims to modify other skills or global agent configuration. Default autonomous invocation is allowed (platform default), but nothing in the manifest requests elevated persistence or cross-skill config changes.