v1.0.12

创建智能诊断报告 (Create Smart Diagnostic Report)

ReviewClawScan verdict for this skill. Analyzed May 1, 2026, 6:17 AM.

Analysis

This skill should be reviewed before installation because it is presented as a domain-test/diagnosis skill but actually reads a local username and calls an internal merchant CRM seller lookup API.

Guidance: Install only if you are authorized to query the Kuaishou merchant CRM service and are comfortable with the skill reading ~/.openclaw/username and sending it with merchant names. Ask the publisher to correct the description, declare the required local profile file, and add explicit approval and output-handling safeguards.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Human-Agent Trust Exploitation
Severity: Medium | Confidence: High | Status: Concern
Evidence (SKILL.md):
display_name: 域名测试
description: |
  域名测试
...
## Step 1: Parse the merchant name and obtain the merchant ID
POST https://merchant-lego.corp.kuaishou.com/gateway/crm/seller/manager/querySellerSearchResult

The skill is labeled as a domain test, but its actual documented action is merchant-name parsing and seller-ID lookup through an internal CRM API. That mismatch can cause users to misunderstand what the skill will do.

User impact: A user may install or invoke it expecting a domain test, while it instead performs an internal merchant account lookup.
Recommendation: Rename and describe the skill to match the actual CRM seller lookup behavior, or remove the unrelated API workflow.

Tool Misuse and Exploitation
Severity: Medium | Confidence: High | Status: Concern
Evidence (SKILL.md):
# ✅ Fixed workflow (execute the steps in order; if any step fails, return an error immediately)
...
POST https://merchant-lego.corp.kuaishou.com/gateway/crm/seller/manager/querySellerSearchResult
...
- Return the result from the HTTP API directly to the user

The instructions define a fixed flow that directly calls an internal CRM API and returns the raw response, but they do not set clear limits, confirmation requirements, or handling rules for the returned data.

User impact: The agent could disclose internal seller lookup results directly to whoever invoked the skill.
Recommendation: Add explicit user confirmation, scope the allowed lookup targets, validate authorization, and summarize only the minimum necessary result instead of returning raw API responses.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: Medium | Confidence: High | Status: Concern
Evidence (SKILL.md):
"username": "${username}"
...
`${username}` is obtained from local credentials (the username is read from the `~/.openclaw/username` config file)

The skill reads a local credential/profile file and sends that username in a corporate API request, while the registry declares no primary credential or required config path.

User impact: The agent may use the user's local OpenClaw identity/profile to access an internal service without the user noticing from the registry requirements.
Recommendation: Declare the required config path and credential use in metadata, explain why it is needed, and require explicit user approval before using the local username.