Skill v1.0.3

ClawScan security

Bailian Usage · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign (Mar 18, 2026, 3:27 PM)
Verdict
Benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's code, instructions, and required files are consistent with its stated purpose (automatically logging into the Bailian console and extracting usage), and it does not request unrelated credentials or install arbitrary remote code.
Guidance
This skill appears to do exactly what it says: control the OpenClaw browser, read a local TOOLS.md for an Alibaba Bailian account, perform an automated login if needed, and extract usage info from the console page. Before installing or using it, consider:

1. Storing plaintext credentials in TOOLS.md is risky: store the file with restrictive filesystem permissions (chmod 600) or use a more secure credential mechanism if available.
2. Inspect the included query_browser.sh yourself; running it will cause the agent to type your password into a browser session, so only run it if you trust the host and OpenClaw runtime.
3. If you prefer not to store credentials, use the manual login fallback described in SKILL.md.
4. Verify that the OpenClaw 'browser' tool runs locally (not on an untrusted remote environment) so credentials are not exposed remotely.

Review Dimensions

Purpose & Capability
ok
Name/description (query Bailian Coding Plan usage) match the included assets: SKILL.md, README, and query_browser.sh implement browser automation to open the Bailian console, check login, optionally log in, and parse usage. No unrelated services, environment variables, or binaries are requested.
Instruction Scope
ok
SKILL.md and query_browser.sh limit actions to starting the openclaw browser tool, navigating to the Bailian console, optionally auto-filling credentials from a local TOOLS.md, and extracting DOM text with evaluate. The instructions do read a local file (~/.openclaw/workspace/TOOLS.md) for credentials, which is necessary for automated login and is declared in the package metadata.
Install Mechanism
ok
No install spec is present (instruction-only skill with an included shell script). Nothing is downloaded from external URLs or extracted to disk during install; risk from the install mechanism is low.
Credentials
note
The skill requests no environment variables and its only credential access is to a local TOOLS.md file holding an Alibaba account and password. This is proportionate for an automated login workflow, but storing plaintext credentials in a workspace file is inherently sensitive and increases risk if the host or workspace is compromised.
Persistence & Privilege
ok
The skill is not declared always:true and does not modify other skills or system-wide configs. It reads and uses only its own workspace files and the browser profile; autonomous invocation is allowed by default (normal for skills).