Skill v1.0.1
ClawScan security
odps-sql · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Mar 13, 2026, 3:53 AM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's purpose (querying Alibaba ODPS) matches its code and instructions, but there are inconsistent environment variable names between the registry/SKILL.md/config template and the actual script, which is incoherent and likely to cause errors or accidental credential exposure if not fixed.
- Guidance: This skill appears to do what it says (run queries against Alibaba ODPS), but the declared env variable names in the skill metadata and config template do not match the env names the included Python script actually reads. Before installing or handing over real credentials:
  - Inspect scripts/odps_helper.py and decide which env var naming you want to use. Either: (a) set the env vars the script expects (ALIYUN_ACCESS_KEY_ID, ALIYUN_ACCESS_KEY_SECRET, ALIYUN_ODPS_PROJECT, ALIYUN_ODPS_ENDPOINT), or (b) edit the script to read the env names from config.example.env / SKILL.md (or update the .env).
  - Use a dedicated, least-privilege Alibaba key (read-only / limited to the specific project) when testing. Never reuse high-privilege keys.
  - Test the script locally in an isolated virtualenv and verify it connects to the expected ODPS endpoint before using it in production.
  - Do not commit the filled .env to source control; follow the README note. Rotate keys if you accidentally exposed them.
  If you want higher assurance, ask the skill author to reconcile the env var naming and update SKILL.md/config.example.env to match the script (or vice versa), and to provide a short test run log demonstrating a successful connection using a non-sensitive test account.
Review Dimensions
- Purpose & Capability: concern
  - The skill's name, description, and provided scripts all consistently target Alibaba Cloud ODPS (MaxCompute) and require Alibaba credentials — that is appropriate for the stated purpose. However, the registry/SKILL.md declares env var names (ALIYUN_ACCESS_ID, ALIYUN_ACCESS_SECRET, ALIYUN_PROJECT_NAME, ALIYUN_END_POINT) and the config.example.env uses those names, while the runnable script (scripts/odps_helper.py) expects different env var names (ALIYUN_ACCESS_KEY_ID, ALIYUN_ACCESS_KEY_SECRET, ALIYUN_ODPS_PROJECT, ALIYUN_ODPS_ENDPOINT). This mismatch is an incoherence between the declared requirements and the code the skill will actually run.
- Instruction Scope: note
  - SKILL.md provides a focused, limited workflow: create a .env with credentials, install pyodps, and run the helper script to list tables, describe schemas, or execute queries. The instructions do not request unrelated files or secrets and emphasize partition filters / limits to avoid full scans. The script loads a .env from the current working directory or the skill parent dir and only accesses ODPS via the pyodps library. No external endpoints beyond ODPS are contacted. The main concern is that following the SKILL.md as written may still fail because of the env-name mismatch.
- Install Mechanism: ok
  - No automated install spec is provided (instruction-only install). The README instructs the user to pip install pyodps; this is a standard, low-risk dependency installation step, and there are no archive downloads or arbitrary remote installs embedded in the skill package.
- Credentials: concern
  - The set of required environment variables (Alibaba Cloud access key/secret, project, endpoint) is proportionate for a tool that connects to ODPS. However, the declared/advertised env var names differ from the names the script actually reads. The registry and config.example.env use ALIYUN_ACCESS_ID / ALIYUN_ACCESS_SECRET / ALIYUN_PROJECT_NAME / ALIYUN_END_POINT, while the script expects ALIYUN_ACCESS_KEY_ID / ALIYUN_ACCESS_KEY_SECRET / ALIYUN_ODPS_PROJECT / ALIYUN_ODPS_ENDPOINT. This mismatch can cause the script to report missing credentials even when the user has filled the .env per the instructions, increasing the chance of confusion and accidental credential mishandling.
- Persistence & Privilege: ok
  - The skill does not request persistent special privileges; always:false and default model invocation settings are used. The skill is instruction-only with no install-time changes to system-wide config. It reads a .env file and environment variables but does not attempt to modify other skills or system configuration.
