Skill v0.1.0
ClawScan security
Mcdonald · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Feb 11, 2026, 9:02 AM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's behavior (calling an MCP API using a user token and performing account actions such as one-click coupon claims) matches its description, but there are important metadata and safety gaps you should review before installing.
- Guidance: Before installing:
  1. Verify the skill's source. The registry shows no homepage or publisher information, which makes authenticity harder to confirm.
  2. Expect to provide an MCD_TOKEN (a bearer token). Only supply a token if you trust the MCP service and understand the token's scope; prefer a read-limited or short-lived token if the service offers one.
  3. The skill uses curl, but its metadata does not declare that dependency. Ensure curl is available.
  4. The 'auto-bind-coupons' tool performs account actions. Require explicit user confirmation before the skill claims any coupon.
  5. Ask the publisher to fix the metadata inconsistencies (declare the required environment variable(s) and the required binary) and to provide a homepage or documentation link so you can verify that the endpoint (https://mcp.mcd.cn) is legitimate.
  If you cannot verify the source or the token's scope, treat the skill as higher risk and do not provide long-lived production tokens.
Review Dimensions
- Purpose & Capability
  - concern: The SKILL.md describes exactly the advertised capabilities (querying and claiming coupons, nutrition, store info) and requires an MCP API token and an MCP URL, which are appropriate for the stated purpose. However, the registry metadata claims no required environment variables and no required binaries, while the runtime instructions explicitly require MCD_TOKEN (a sensitive credential) and use curl, a binary that must exist. That mismatch is an incoherence that should be resolved.
- Instruction Scope
  - note: Instructions are narrowly scoped to calling the MCP JSON-RPC endpoints via curl and parsing responses. They reference only MCD_TOKEN and the optional MCD_MCP_URL. One notable behavior: the skill includes an 'auto-bind-coupons' action that performs account-altering operations (it claims coupons). This is within the advertised functionality but is potentially sensitive and should require explicit user consent before executing.
- Install Mechanism
  - note: There is no install spec (instruction-only), which is low risk for arbitrary code install. Still, the runtime relies on curl being available, and the skill does not declare that dependency in metadata. No downloads or external installers are present.
- Credentials
  - concern: The SKILL.md requires a sensitive credential (MCD_TOKEN) and optionally MCD_MCP_URL, which is reasonable for interacting with a private API. But the published registry metadata did not declare any required env vars or primary credential, an inconsistency. Requiring a bearer token that can perform state-changing actions (claiming coupons) is proportionate for the feature set only if the token's scope is limited and the user is warned and consents; the skill's metadata should explicitly declare this credential requirement.
- Persistence & Privilege
  - ok: The skill does not request persistent presence (the always flag is false) and does not modify other skills or system settings. It relies on runtime exec calls but does not ask for elevated or persistent privileges.
