Gangtise File List

Pass

Audited by ClawScan on May 9, 2026.

Overview

This appears to be a purpose-aligned Gangtise document search and download skill, but users should notice that it requires Gangtise API credentials and can save downloaded files locally.

Before installing, confirm that you trust this publisher with Gangtise API credentials. Prefer environment variables over the optional authorization file, use least-privileged keys where possible, and only permit downloads when you want files saved locally.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Anyone installing or using this skill must trust it with Gangtise API credentials, which may grant access to paid or private Gangtise resources depending on the account.

Why it was flagged

The skill uses the user’s Gangtise access key and secret key to obtain an authorization token. This is expected for the integration, but these are sensitive account credentials.

Skill content

payload = {"accessKey": ak, "secretAccessKey": sk}
response = requests.post(AUTHORIZATION_URL, json=payload)

Recommendation

Use a dedicated, least-privileged Gangtise API key if possible, store it in environment variables rather than files, and rotate it if you stop using the skill.

What this means

If the download flag is used, the agent may save files locally, potentially consuming storage or placing documents in the workspace.

Why it was flagged

The skill can automatically download matching files after search, but the documentation warns that this should only be used when the user explicitly asks.

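Skill content

All scripts have a boolean `-d` / `--download` parameter that determines whether the matching files are automatically downloaded to local storage after the search. In general, users do not need this parameter unless they explicitly ask to download files.

Recommendation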

Only allow the agent to use `--download` when you actually want files saved locally, and review the destination path for downloaded files.

What this means

Users have less external context for confirming that this Gangtise-related skill is published by a trusted party.

Why it was flagged

The registry metadata does not provide a source repository or homepage, which limits provenance checking for a credential-using integration.

Skill content

Source: unknown
Homepage: none

Recommendation

Verify the skill owner or distribution channel before configuring real Gangtise credentials.

What this means

Using the skill runs local Python code that performs network requests and may write downloaded files.

Why it was flagged

The documented workflow requires running included Python scripts. This is central to the skill’s purpose and there is no evidence of obfuscated or unrelated execution.

Skill content

python3 scripts/report.py -k 比亚迪 -sd 2026-01-01 -ed 2026-12-31 -l 20

Recommendation

Run it only in an environment where you are comfortable executing the included scripts and where the required Python dependencies are trusted.