v1.1.0

s1cli

Benign

ClawScan verdict for this skill. Analyzed May 1, 2026, 6:20 AM.

Analysis

This is a coherent S1 forum CLI skill, but it uses a forum login/session and can publish posts or replies, so account actions should be explicitly user-directed.

Guidance: This skill appears benign for its stated purpose. Before installing, verify the external s1cli package or GitHub repository, avoid passing passwords directly on the command line when possible, protect ~/.config/s1cli/session.toml, and require explicit confirmation before any post, reply, or check-in is submitted.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: Medium | Confidence: High | Status: Note
SKILL.md
python3 -m s1cli post -f <forum_name> -t "标题" -c "内容"
python3 -m s1cli reply <thread_id> -c "回复内容"

The skill documents commands that can publish new forum posts and replies. This is central to the stated forum-tool purpose, but it can create public account-visible content.

User impact: If used carelessly, the agent could publish content to the user's S1 account or perform a forum check-in when the user did not intend it.
Recommendation: Only allow posting, replying, or check-in after the user has clearly requested the action and reviewed the exact content or operation.

Agentic Supply Chain Vulnerabilities
Severity: Low | Confidence: High | Status: Note
SKILL.md
pip3 install s1cli

# or from source
git clone https://github.com/Geoion/s1cli.git && cd s1cli && pip3 install -e .

The instruction-only skill depends on an external Python package or GitHub source installed with unpinned commands. This is normal for a CLI wrapper, but users should trust the package source before installation.

User impact: Installing the external package gives that package code execution in the local Python environment.
Recommendation: Install from a trusted source, verify the package/repository identity, and consider pinning a known version before using it with account credentials.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: Medium | Confidence: High | Status: Note
references/commands.md
python3 -m s1cli login -u <username> -p <password>

- The session is saved to `~/.config/s1cli/session.toml` and is valid for 7 days

The skill uses S1 account credentials and persists an authenticated session file. This is expected for an authenticated forum CLI, but it grants account-level authority.

User impact: The skill can act as the logged-in forum user while the local session remains valid.
Recommendation: Prefer interactive login over putting passwords in command arguments, protect the session file, and run logout when the session is no longer needed.