Skill v1.0.0
ClawScan security
成交商品画像分析 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Mar 26, 2026, 12:00 PM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's stated purpose (sales-feature analysis) mostly fits the code, but the implementation unexpectedly imports a local helper from a hard-coded user path and calls an internal API without declaring required credentials — this mismatch is suspicious and worth manual review before installing.
- Guidance: This skill appears to need access to an internal BI endpoint but doesn't declare any credentials; it also force-inserts a hard-coded user path and imports a local api_client. Before installing or using: (1) inspect the api_client implementation referenced by the skill (the module the skill will import) to see what credentials, network calls, or local files it touches; (2) confirm whether the BI API requires tokens/headers and avoid providing high-privilege secrets unless necessary; (3) run the skill in a sandbox or isolated environment first to prevent accidental import of arbitrary local code; (4) if you cannot review api_client, treat the skill as untrusted — it could access local workspace files or exfiltrate data via the API call. If the author intends this to run in your environment, ask them to remove the hard-coded path and declare the exact auth requirements.
Review Dimensions
- Purpose & Capability (note): The name/description promise product-feature distributions and period-over-period analysis, and analyze.py implements that logic using data from /api/v1/store/dashboard/bi. However, the skill does not declare any credentials or environment requirements even though the code calls an internal API via get_copilot_data. Also, the term '画像' may imply image processing, but the code operates on BI API data rather than performing image analysis — the description and implementation are close but not fully aligned.
- Instruction Scope (concern): SKILL.md shows only a simple API usage pattern, but analyze.py inserts a hard-coded local path (`sys.path.insert(0, '/Users/yangguangwei/.openclaw/workspace-front-door')`) and imports api_client.get_copilot_data, then calls '/api/v1/store/dashboard/bi'. The runtime will therefore attempt to load a local module from a specific user workspace (non-portable) and make network/API calls that require authentication — none of which are described in SKILL.md. This expands scope beyond the documented instructions and could access local code or secrets via that local import.
- Install Mechanism (ok): There is no install spec (instruction-only style with a bundled analyze.py). Nothing is downloaded or written by an installer. The primary risk stems from runtime imports and API calls, not an installer fetching remote code.
- Credentials (concern): requires.env declares no credentials, but the code calls an internal API via get_copilot_data — this likely needs authentication (cookies, headers, or tokens) supplied by an existing local client. The code also hard-codes a user-specific filesystem path, which could cause it to import unintended local modules with access to other credentials or state. The lack of declared credentials is disproportionate to the apparent need to call a private BI endpoint.
- Persistence & Privilege (ok): The skill does not request always:true and has no install script modifying agent-wide settings. It appears to run only when invoked and does not declare persistent privileges.
