Back to skill
Skillv1.0.0
ClawScan security
App Order Date Key Stats · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
SuspiciousMar 7, 2026, 3:46 AM
- Verdict
- suspicious
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- The skill's stated purpose (time-based order stats) is plausible, but the runtime instructions contain multiple inconsistencies and unsafe practices — notably undisclosed DB credential requirements, mismatched SQL templates, and direct string interpolation into SQL — so proceed with caution.
- Guidance
- Before installing or running this skill: 1) Confirm with the author why a specific DB host and user are embedded and ask for explicit documentation of required env vars (especially JIUSHI_DB_PASSWORD). 2) Do not provide credentials until you verify the host is one you expect; prefer a dedicated read-only account and/or a database proxy. 3) Ask the author to fix the inconsistencies: align the SQL template in prose and code, make keyword splitting consistent (comma vs whitespace), and add a proper os import and dependency/installation instructions. 4) Require the code to use parameterized queries (or safe escaping) instead of f-string interpolation to avoid SQL injection, and consider limiting accepted input formats (validate timestamps and keywords). 5) Ensure the runtime environment has the listed Python packages or provide an install spec. 6) If you cannot verify these points, treat the skill as untrusted for production data — run it only in a safe test environment with non-sensitive sample data.
Review Dimensions
- Purpose & Capability
- concernThe skill legitimately needs database access to produce order statistics, but the SKILL.md hardcodes a specific DB host and read-only user and expects JIUSHI_DB_PASSWORD from the environment while the registry metadata lists no required env vars. That mismatch (undisclosed credential requirement + a specific internal DB host) is unexpected and should be clarified.
- Instruction Scope
- concernThe SKILL.md instructs the agent to run Python code that builds SQL by directly interpolating user-supplied strings (start_time, end_time, keywords) into f-strings — this is vulnerable to SQL injection. The document also contains two different SQL templates (the earlier 'fixed SQL template' vs. the SQL constructed in the Python snippet) and inconsistent keyword-splitting behavior (doc says split by comma, code uses keyword.split() which splits on whitespace). There is also a missing import of os in the provided Python template. These inconsistencies are functionally relevant and risky.
- Install Mechanism
- noteThis is instruction-only (no install spec), which reduces installer risk. However, SKILL.md metadata lists required Python packages (mysql-connector-python, pandas, tabulate) but provides no install steps — the runtime will fail unless the environment already has them. That mismatch should be resolved.
- Credentials
- concernThe runtime expects a sensitive env var (JIUSHI_DB_PASSWORD) but the registry declares no required env vars. The code also supplies a specific RDS host and a default read-only user; requesting a DB password is proportionate to the task, but the lack of explicit declaration and the presence of a hardcoded internal host are concerning and should be justified.
- Persistence & Privilege
- okalways:false and no install-time persistence or system-wide config changes are requested. The skill does execute code via a code_execution tool (normal for this platform) but does not request elevated platform privileges in the metadata.