xhs-prohibited-word(小红书违禁词查询)

Advisory. Audited by static analysis on May 10, 2026.

Overview

Detected: suspicious.insecure_tls_verification

Findings (1)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Text from pasted content, selected files, or extracted webpages may be transmitted to the external detection service.

Why it was flagged

The user’s submitted copy is sent to a third-party API endpoint for detection. This fits the skill’s purpose, but it means private drafts or business content leave the local environment.

Skill content

_DEFAULT_SENSITIVE_API_URL = "https://onetotenvip.com/story/cozeSkill/sensitiveWordSearch"
...
payload = {"content": content, "platform": "小红书", "source": "小红书违禁词查询-ClawHub"}

Recommendation

Use the skill only with content you are comfortable sending to that service, and the maintainer should clearly disclose the endpoint and data-handling expectations.

What this means

If TLS verification is turned off, submitted text could be exposed to interception or tampering on the network.

Why it was flagged

The script contains a code path that disables TLS certificate verification when ssl_verify is false, though detection defaults to verification enabled unless an environment variable disables it.

Skill content

ctx.check_hostname = False
ctx.verify_mode = ssl.CERT_NONE

Recommendation

Keep TLS verification enabled, and avoid setting XHS_SENSITIVE_WORD_VERIFY_SSL to 0/false/no unless there is a controlled and well-understood reason.

What this means

Accidentally providing the wrong file path or URL could process unintended content; unsafe shell quoting could also be risky in some agent runtimes.

Why it was flagged

The workflow passes user-controlled text, file paths, and URLs into a local script. This is central to the skill, but it should be done with safe argument passing and only for user-intended files or URLs.

Skill content

Called directly as `python scripts/check_sensitive_words.py --content="文案内容"` ... `--file=/path/to/file.txt --extract-only` ... `--url=https://example.com --extract-only`

Recommendation

Provide only intended files/URLs, and the runtime or maintainer should invoke the Python script with structured arguments rather than unsafe shell string interpolation.

What this means

The skill may require extra package/browser installation before it works, which adds normal dependency provenance considerations.

Why it was flagged

The skill depends on third-party Python packages and a Playwright browser download, while the registry install section says there is no install spec.

Skill content

dependency:
  python:
    - python-docx==1.1.0
    - beautifulsoup4==4.12.3
    - playwright==1.58.0
  system:
    - playwright install chromium

Recommendation

Install dependencies from trusted package repositories in an isolated environment, and document the setup steps in registry metadata if possible.

Findings (1)

warn

suspicious.insecure_tls_verification

Location
scripts/check_sensitive_words.py:34
Finding
HTTPS certificate verification is disabled.