Skill v0.1.1

ClawScan security

Wenshushu File Uploader · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 16, 2026, 8:01 AM
Verdict
Benign
Confidence
high
Model
gpt-5-mini
Summary
The skill is coherent with its stated purpose (uploading files to wenshushu), requests no unrelated credentials, and its install/runtime behavior matches the documentation; main user-facing risk is that it can upload any local file (so avoid giving it sensitive paths or tokens).
Guidance
This skill appears to do what it claims: upload files to wenshushu using the wssf CLI. Before installing or invoking it, consider: (1) do not provide sensitive system paths (e.g., ~/.ssh, /etc/*, credential files) — the skill will happily upload arbitrary files; (2) if you enable 'login' flows, a token is stored at ~/.config/wenshushu/token.txt — treat that token like a secret; (3) install.sh runs a remote installer (astral.sh) and will run pip install wssf — review these steps or run them manually in a sandbox if you have concerns; (4) if you need finer control, run upload.py manually in a constrained environment and inspect outputs before letting the agent invoke it autonomously.

Review Dimensions

Purpose & Capability
ok · Name/description, included scripts, and SKILL.md all describe a file uploader for wenshushu. Declared dependencies (wssf, uv) and included install.sh / upload.py are consistent with that purpose; nothing requested appears unrelated to uploading files to wenshushu.
Instruction Scope
note · Runtime instructions tell the agent to check file existence, call the wssf CLI, and optionally save upload records. This is coherent, but the skill will accept arbitrary filesystem paths and upload them to an external service — which is expected for an uploader but enables accidental or malicious exfiltration if the agent is given sensitive paths (e.g., SSH keys, tokens). The SKILL.md also instructs users how to extract an X-TOKEN from browser devtools and store it locally for logged uploads; that flow is optional but sensitive.
Install Mechanism
ok · No opaque downloads from unknown hosts in the package files. The automation uses a known uv installer (curl https://astral.sh/uv/install.sh) and pip install wssf==5.0.6 (PyPI). These are typical for Python tooling; running a remote installer (curl | sh) is moderately risky operationally but expected for installing uv.
Credentials
note · The skill does not declare unrelated environment variables or credentials. It may read/write a local token at ~/.config/wenshushu/token.txt and write upload records to ~/.openclaw/memory/wenshushu-uploads.jsonl — reasonable for its function. However, because it accepts arbitrary file paths, it can be used to transmit any local file to the remote service; treat that as a sensitive capability (not a hidden one).
Persistence & Privilege
ok · The always field is false and the skill does not request elevated platform privilege. It persists its own configuration/token and upload logs under user-scoped config paths (~/.config and ~/.openclaw), which is proportionate to its functionality, and it does not appear to modify other skills or system-wide settings.