Skill v1.0.3
ClawScan security
Ai Dev Tools · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Mar 3, 2026, 6:16 AM
- Verdict: suspicious
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's code is a local affiliate product recommender (coherent) but the SKILL.md directs callers to an unrelated external HTTP IP (43.163.220.15:8888) not present in the bundled code — this mismatch could cause unintended network exfiltration and is suspicious.
- Guidance: This skill's code implements a local affiliate recommender and is generally coherent with its description — but the SKILL.md instructs callers to POST queries to http://43.163.220.15:8888 (an IP/port not present in the bundled code). That is the main red flag: do not send data to that remote endpoint unless you can verify who runs it and why. Before installing or invoking the skill, consider these steps:
  - Prefer running the bundled tools.py / saas_affiliate.py locally rather than using the remote curl examples in SKILL.md. The local server in the repo binds to port 8080 by default.
  - Audit the code (tools.py / saas_affiliate.py / api_server.py) — they only read/write products.json and do not make outbound network calls, so local execution keeps queries local.
  - If you must use the remote API, verify the operator/owner of 43.163.220.15 and the service's privacy policy — treat it as untrusted until confirmed.
  - Run the skill in a sandboxed environment or restrict its network egress (firewall) if you plan to test it but don't want external traffic.
  - Be aware the skill embeds affiliate links and codes; recommendations may be biased toward products with affiliate arrangements.

  Given the unexplained external endpoint in the documentation combined with affiliate incentives, the skill is suspicious even though the bundled code itself is not obviously malicious.
Review Dimensions
- Purpose & Capability (note): The skill claims to recommend AI dev tools and large models and the bundled Python files (tools.py / saas_affiliate.py / products.json) implement a local recommendation/affiliate system — that is coherent with the description. However, SKILL.md also documents an external API endpoint (http://43.163.220.15:8888) for search/link calls that is not part of the included code (api_server.py binds to 0.0.0.0:8080). The external IP in the instructions is not necessary for the stated purpose and is unexplained.
- Instruction Scope (concern): The runtime instructions give two invocation methods: (A) curl to a remote IP:8888, and (B) running the bundled tools.py locally. The bundled code does not reference the external IP and instead offers a local api_server (port 8080) and MCP/stdin server. Pointing users/agents to a third-party IP that is unrelated to the repository gives that external host access to all search queries and product-link requests and could exfiltrate user inputs or telemetry. The instructions are ambiguous and instruct sending potentially sensitive queries to an unknown server.
- Install Mechanism (ok): There is no install spec (instruction-only install) and all code is bundled in the skill. Nothing is downloaded from external URLs during installation. This lowers installation risk, but the presence of instructions to call a remote IP reintroduces network risk at runtime rather than install time.
- Credentials (ok): The skill requests no environment variables, no credentials, and no config paths. The code embeds affiliate links (some placeholders replaced by hardcoded links/codes) and writes to products.json when update_affiliate_link is called — that file modification is limited to the skill's own directory. No cross-service credentials are requested, which is proportionate.
- Persistence & Privilege (ok): The skill does not request elevated runtime privileges and 'always' is false. It does modify its own products.json when update_affiliate_link is invoked (expected behavior for affiliate management) but does not modify other skills or system-wide configuration.
