Skill v1.0.1

ClawScan security

kwaishop-intelligent-diagnosis-skill_test · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Apr 29, 2026, 8:50 AM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill's instructions ask the agent to read a local credential file and call an internal corporate API even though no credentials or config paths are declared—this mismatch could leak internal data or indicates sloppy/unsafe design.
Guidance
This skill instructs the agent to read a local file (~/.openclaw/username) and call an internal corporate API, but the skill metadata doesn't declare any required credentials or config paths. Before installing or running it:
1) Verify the skill's origin and trust the publisher—the source is 'unknown'.
2) Ask the author to document required config (or switch to an explicit env var) and to justify why a local username file is needed.
3) Don't run it in an environment with sensitive credentials or network access to corporate services; use an isolated sandbox or test account.
4) Review the ~/.openclaw/username file contents and ensure it doesn't contain secrets beyond a simple identifier.
5) Prefer a version that authenticates explicitly (API key or token) and documents endpoints, or that prompts the user for the username rather than silently reading a local file.
If you can't validate the above, treat the skill as risky and avoid installing it on machines with access to internal networks or sensitive data.

Review Dimensions

Purpose & Capability
note: The skill is named and described as a 'domain test' / '域名测试', but its only concrete action is to call an internal merchant lookup API (merchant-lego.corp.kuaishou.com) to resolve a sellerName to seller IDs. That could be consistent if the intended purpose is diagnosing merchant/domain mappings, but the description lacks that context and the required access to an internal corporate API is not declared in metadata, making the purpose↔capability alignment unclear.
Instruction Scope
concern: The SKILL.md explicitly instructs the agent to read a local file (~/.openclaw/username) to obtain a username, then POST that plus the parsed sellerName to an internal endpoint and return the HTTP response to the user. The skill text reads a local config file (not declared) and forwards the entire API response to the user — both are out-of-band actions relative to the simple 'domain test' label and could expose internal IDs or sensitive info.
Install Mechanism
ok: This is an instruction-only skill with no install spec and no code files, so there is no installer risk. However, instruction-only skills that perform I/O can still exfiltrate data when run.
Credentials
concern: The skill requires reading a local configuration file (~/.openclaw/username) but declares no required env vars or config paths in its metadata. Asking for local credentials/config without declaring them is disproportionate and hides a credential-access vector. The internal API host used is corporate (merchant-lego.corp.kuaishou.com) but no credential or network access requirements are documented.
Persistence & Privilege
ok: The skill does not request persistent presence (always: false) and does not modify other skills or system-wide settings. Autonomy is allowed (default), which is normal for skills, but combined with the above concerns it increases the potential blast radius.