International Platform Group Test Collection
Suspicious
Audited by ClawScan on May 10, 2026.
Overview
The skill’s logistics-query purpose is coherent, but it uses sensitive JD API tokens with unsafe TLS settings and unquoted shell commands that deserve review before installation.
Only install this if you trust the publisher and understand that it will use a JD logistics API token. Before use, the maintainer should re-enable TLS certificate verification, declare the required credential, and change the command execution pattern so user inputs are validated and passed as safe arguments rather than pasted unquoted into shell commands.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A malicious or malformed query value could be interpreted by the shell as an extra command or could change the arguments sent to the script.
The skill instructs the agent to place user-derived parameter values directly into a shell command without quoting or escaping.
Each parameter value needs no quotes at all; pass the value directly ... node {baseDir}/scripts/get_isc_data.js <the value of dims> ... <the value of customerCodeList>
Use a structured command invocation with an argument array, or strictly validate and safely quote all user-derived values before execution.
On an untrusted or compromised network, the token and logistics query data could be exposed to a man-in-the-middle attacker.
The script sends the provider token in an HTTPS request while disabling certificate verification; the same unsafe TLS pattern appears in the other API scripts.
headers: { ... 'token': token, ... },
rejectUnauthorized: false
Remove `rejectUnauthorized: false` and require normal TLS certificate validation for all credential-bearing API requests.
Users may not realize before install that the skill needs a JD logistics API token and will send it to external provider endpoints.
The registry metadata does not declare the needed credential even though the capability signal and scripts indicate a sensitive token is required.
Required env vars: none ... Primary credential: none ... Capability signals - requires-sensitive-credentials
Declare the required `token` environment variable or primary credential clearly, including the intended endpoints and minimum token scope.
It may be harder to verify exactly which package identity and version you are trusting.
The bundled package metadata differs from the registry entry shown for `iplat-test-skill` version `1.0.0`, which creates provenance and update-tracking ambiguity.
"slug": "i-logisitics-skill", "version": "1.0.1"
Confirm the publisher and package identity, and ask the maintainer to align registry metadata, `_meta.json`, and origin metadata.
