Skill v1.0.0
ClawScan security
Onebot Adapter 1.0.0 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Review · Feb 26, 2026, 1:59 PM
- Verdict: Review
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill mostly implements a OneBot client/listener that matches its description, but there are internal inconsistencies (undeclared environment variables in registry metadata and a mismatched owner id in _meta.json) that warrant caution before installing.
- Guidance: This adapter appears to do what it says (HTTP client + WebSocket listener for OneBot), but there are a few inconsistencies you should resolve before installing: (1) SKILL.md and the Python scripts expect ONEBOT_WS_URL, ONEBOT_HTTP_URL, and ONEBOT_TOKEN, yet the registry metadata lists no required env vars — verify you are intentionally supplying those values and understand what token you are providing. (2) _meta.json shows a different ownerId than the registry header — confirm the publisher/source is trustworthy. Also note the scripts assume the 'requests' and 'websockets' Python packages and include an unusual shebang (/opt/playwright/bin/python) — run in a sandbox or virtualenv, install dependencies yourself, and review the two Python files locally. Do not supply ONEBOT_TOKEN (or any sensitive token) unless you trust the OneBot server and the skill source.
Review Dimensions
- Purpose & Capability [note]: Files (onebot_client.py and onebot_ws_listener.py) implement HTTP and WebSocket OneBot integration consistent with the skill name/description. However, the registry metadata claims no required env vars while SKILL.md and the code rely on ONEBOT_WS_URL, ONEBOT_HTTP_URL, and ONEBOT_TOKEN. Also _meta.json contains a different ownerId than the top-level registry owner — an ownership/packaging mismatch.
- Instruction Scope [ok]: SKILL.md gives concrete instructions (export ONEBOT_* env vars, run the listener, use the client API). The included code only reads those env vars, connects to the configured OneBot server, and sends/receives OneBot events; it does not attempt to read arbitrary system files or exfiltrate data to unexpected endpoints. The instructions are not overly broad.
- Install Mechanism [ok]: There is no install spec (instruction-only) and the code is included as scripts. No downloads or archive extraction are performed. Note: the shebang lines reference /opt/playwright/bin/python, which is an unusual interpreter path and may cause launch failures if that path does not exist.
- Credentials [concern]: The environment variables referenced (ONEBOT_WS_URL, ONEBOT_HTTP_URL, ONEBOT_TOKEN) are appropriate for a OneBot adapter. However, the skill metadata does not declare these required env vars, creating an inconsistency that could hide the need to provide a token. ONEBOT_TOKEN is sensitive (authorization token); only provide it when you trust the target OneBot server and the skill source.
- Persistence & Privilege [ok]: The skill does not request persistent/always-on privileges (always: false). It does not modify other skills or system-wide settings. It runs network clients and a listener as expected for its purpose.
