Skillv1.0.0

ClawScan security

balbabalablabal · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousApr 29, 2026, 10:07 AM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary: The skill appears to do what its description says (query WenDaoYun company data), but its runtime instructions require a sensitive API key stored in a config file while the published metadata declares no required credentials or config paths — an incoherence that needs clarification before use.
Guidance: Before installing or enabling this skill: (1) Confirm the skill's source and trustworthiness (no homepage or known owner is listed). (2) Ask the developer/owner to declare the required secret (WENDAOYUN_API_KEY) and the exact config path or prefer a platform-managed secret/env var instead of an unspecified config.json. (3) Do not place other unrelated secrets in config.json; create a dedicated, scoped secret for this skill. (4) Verify the Base URL (https://h5.wintaocloud.com/prod-api/api/invoke) and test with a limited API key with constrained scope and usage limits. (5) Monitor API key usage and be prepared to rotate/revoke the key if unexpected calls occur. The core functionality appears coherent, but the missing metadata about the required credential and file access is the main concern — ask for that to be fixed before use.

Review Dimensions

Purpose & Capability: noteThe SKILL.md describes a WenDaoYun (问道云) company-info lookup service and the listed API endpoints align with that purpose. Requiring an API key for that service is reasonable. However, the skill metadata declares no required credentials/config paths even though the instructions explicitly require a WENDAOYUN_API_KEY in a config.json file.
Instruction Scope: concernRuntime instructions tell the agent to read a local config.json to obtain WENDAOYUN_API_KEY and then call the WenDaoYun API. The file location and the fact that a secret is read are not reflected in metadata. The instructions do not reference other unrelated system files or external endpoints beyond the documented API, but the unspecified file read of a sensitive value is a scope mismatch that could lead to accidental reading of arbitrary config files if not constrained.
Install Mechanism: okThis is an instruction-only skill with no install spec and no code files, so nothing will be written to disk by an installer. That is the lowest-risk install mechanism.
Credentials: concernThe skill requires a sensitive API key (WENDAOYUN_API_KEY) according to SKILL.md, but the registry metadata lists no required env vars, no primary credential, and no required config paths. The request for a single service API key is proportionate to the function, but the missing declaration is a governance/visibility problem — the platform and user would not know this skill needs secret access until runtime.
Persistence & Privilege: okalways is false and the skill is user-invocable; there is no indication it modifies other skills or requests permanent system-wide privileges. Autonomous invocation (disable-model-invocation=false) is the platform default and is not in itself flagged.