Skillv1.0.1

ClawScan security

intelligent-diagnosis-skill_test · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousApr 29, 2026, 8:49 AM

Verdict: suspicious
Confidence: high
Model: gpt-5-mini
Summary: The skill is labeled as a 'domain test' but its runtime instructions call an internal merchant API and read a local config file (~/.openclaw/username) that was not declared — this mismatch could lead to unexpected data access or leakage.
Guidance: This skill's name says 'domain testing' but its instructions perform a merchant lookup using an internal Kuaishou API and read your local ~/.openclaw/username file without declaring that requirement. Before installing or enabling it, ask the publisher to: (1) explain why a domain-test tool needs access to ~/.openclaw/username and the merchant API; (2) declare any required config paths or credentials explicitly; (3) change the flow so the user supplies the username at runtime (rather than silently reading a local file) if that is necessary; and (4) provide a clear privacy/data-use statement and the exact endpoint being called. If you don't trust the publisher or the internal endpoint, do not enable this skill and consider running it in a sandboxed environment or asking for the SKILL.md to be corrected so purpose and instructions align.

Review Dimensions

Purpose & Capability: concernName/description indicate 'domain test' but the SKILL.md only documents looking up a merchant by name via an internal Kuaishou merchant API (merchant-lego.corp.kuaishou.com). The required action (merchant lookup) does not match the skill's stated purpose and suggests the manifest is mislabeled or the functionality is different from the advertised purpose.
Instruction Scope: concernRuntime instructions tell the agent to read a local config file (~/.openclaw/username) for a username and to POST that username and a parsed sellerName to an internal HTTP endpoint, then return the raw HTTP response to the user. Reading an undeclared local file and transmitting its contents to an external/internal service is scope creep and may expose sensitive local data.
Install Mechanism: okNo install spec and no code files; instruction-only skills have a lower disk/write risk. The security surface is the SKILL.md runtime instructions themselves.
Credentials: concernThe skill accesses a local configuration path (~/.openclaw/username) but does not declare any required config paths or credentials. Requesting local credentials (even just a username) without declaring them or explaining why is disproportionate and unexpected for a 'domain test' skill.
Persistence & Privilege: okalways is false and there's no indication the skill modifies other skills or requests permanent system-wide privileges. Autonomous invocation is allowed by default but does not by itself change this assessment.