Skill v1.0.0

ClawScan security

OneBot Adapter · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Feb 23, 2026, 11:56 AM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill appears to implement a OneBot adapter as described, but there are inconsistencies and missing declarations (notably environment variables and runtime dependencies) that warrant caution before installing or running it.
Guidance
This skill implements a OneBot HTTP client and WebSocket listener, which matches its description, but there are a few issues to consider before installing or running it:

- ONEBOT_TOKEN and the endpoint URLs are used by the code and by SKILL.md but are not declared in the skill metadata. Treat ONEBOT_TOKEN as sensitive: issue it with the minimum permissions the adapter needs, limit its scope, and rotate it if it may have been exposed.
- The package has no install spec. It depends on third-party Python libraries (requests, websockets) and may fail unless you install them yourself. Review and install the dependencies in a controlled environment (virtualenv or container).
- The scripts' shebang points to /opt/playwright/bin/python, which is nonstandard and may not exist on the target system; run them with an explicit interpreter (python3 scripts/onebot_ws_listener.py) to avoid surprises.
- Review the included source (onebot_client.py, onebot_ws_listener.py) yourself: it opens network connections to the configured endpoints and can send messages, including administrative actions such as kicking or banning. Make sure you trust the OneBot server URLs you configure.

If you need to proceed: run the skill in an isolated environment (container or VM), provide only a limited-scope token, and install the dependencies explicitly. For stronger assurance, ask the maintainer to declare the required environment variables in the metadata, provide a clear install spec, and use a standard shebang or proper packaging.

Review Dimensions

Purpose & Capability
ok · The name, description, SKILL.md instructions, and included Python client/listener code are coherent: they implement a OneBot HTTP client and WebSocket listener for QQ/NapCat. The requested behavior (send/receive QQ messages, query groups/friends) matches the stated purpose.
Instruction Scope
note · SKILL.md instructs the agent/user to export ONEBOT_WS_URL, ONEBOT_HTTP_URL, and ONEBOT_TOKEN and to run the included scripts. The runtime actions (opening WebSocket connections, calling HTTP API endpoints) are within the adapter's scope and do not attempt to read unrelated system files. However, SKILL.md relies on environment values that are not declared in the skill metadata (see the Credentials dimension below).
Install Mechanism
note · There is no install spec (instruction-only style) and code files are included. The Python scripts depend on third-party packages (requests, websockets) but the skill does not declare or install these, so the runtime may fail or an operator might install packages ad hoc. The shebang (#!/opt/playwright/bin/python) is nonstandard and may not exist on target systems; this is odd but not necessarily malicious.
Credentials
concern · The skill metadata declares no required environment variables, yet SKILL.md and the code rely on ONEBOT_WS_URL, ONEBOT_HTTP_URL, and ONEBOT_TOKEN. ONEBOT_TOKEN is a sensitive credential; the skill should have declared it as a required credential and documented its scope. The mismatch is a meaningful omission that could lead to accidental credential exposure or operator confusion.
Persistence & Privilege
ok · The always flag is false and the skill does not request to modify other skills or system-wide configuration. It runs as a user-level script, which is appropriate for its function.