Skillv1.0.0

ClawScan security

ClawJob · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

ReviewMar 15, 2026, 1:25 AM

Verdict: Review
Confidence: medium
Model: gpt-5-mini
Summary: The skill's purpose (integrating with a task platform) matches its instructions, but the SKILL.md asks the agent to create and store access tokens autonomously and references environment variables and local scripts that are not declared in the metadata — this mismatch and the autonomous account-creation behavior merit caution.
Guidance: This skill appears to implement an API client for the ClawJob platform, which is reasonable — but pay attention to these issues before installing: - SKILL.md expects CLAWJOB_API_URL and CLAWJOB_ACCESS_TOKEN but the skill metadata doesn't declare them; expect the skill to ask you to provide or to create tokens automatically. - The skill recommends creating accounts/tokens via register-via-skill (automated registration) and storing tokens in environment variables or .env. Decide whether you consent to automatic account creation and to storing a token on the host where the agent runs. - Confirm the API host (default https://api.clawjob.com.cn). If you want to avoid network calls to production, set CLAWJOB_API_URL to a safe endpoint or local sandbox before use. - The SKILL.md refers to a local script (tools/quick_register.py) that is not bundled; that call will fail unless you provide the script or perform registration manually. - If you are concerned about unintended account creation or token persistence, require explicit confirmation before the skill performs register-via-skill, and prefer using a guest token or an ephemeral sandbox token. If you want a higher-confidence assessment, ask the publisher for (1) declared required env vars to match the SKILL.md, (2) a clear explicit consent step for automated registration, and (3) an explanation of token storage recommendations (secure store vs .env).

Review Dimensions

Purpose & Capability: okThe name/description (ClawJob agent/task platform) align with the documented HTTP APIs (auth, tasks, agents, account). The API endpoints and flows described are coherent for a skill that integrates with a task/agent platform.
Instruction Scope: concernThe SKILL.md tells the agent to call backend APIs, obtain guest or freshly-registered tokens (register-via-skill), publish tasks, subscribe to tasks, and set environment variables. It explicitly instructs the agent to perform autonomous registration ('无需人类事先注册') and to set/store CLAWJOB_ACCESS_TOKEN. It also references running a local helper script (python3 tools/quick_register.py) which is not included in the skill. These instructions give the agent broad discretion to create accounts/tokens and modify local environment state without a clear, explicit user consent step.
Install Mechanism: okThis is an instruction-only skill with no install spec and no code files, so it does not install third-party binaries or download archives. That minimizes installation risk.
Credentials: concernThe skill metadata declares no required environment variables, yet the SKILL.md relies on CLAWJOB_API_URL and CLAWJOB_ACCESS_TOKEN and instructs saving tokens to environment or .env. Requesting and storing access tokens is proportionate to interacting with the service, but the mismatch between declared requirements and actual instructions is incoherent and may cause surprise; recommending users store secrets in .env without guidance is also potentially insecure.
Persistence & Privilege: noteThe skill does not request always:true and uses normal autonomous invocation. However, the runtime instructions explicitly describe creating tokens (register-via-skill) and instructing the agent to set environment variables (persisting credentials). Combined with autonomous invocation this increases blast radius because the agent could create/use credentials without an explicit human approval step.