Test

Review

Audited by ClawScan on May 10, 2026.

Overview

The skill is labeled as domain testing, but it actually tells the agent to read a local username and query an internal merchant-search API.

Review this skill carefully before installing. It is not just a domain test: it reads a local OpenClaw username and queries an internal Kuaishou merchant/seller API. Only use it if you understand and are authorized for that internal lookup behavior.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A user asking for a domain test may unknowingly trigger a merchant-account lookup against an internal corporate service.

Why it was flagged

The visible purpose is domain testing, but the required workflow is a merchant ID lookup through an internal CRM/seller API.

Skill content

description: | Domain test ... ## Step 1: Parse the merchant name and obtain the merchant ID ... POST https://merchant-lego.corp.kuaishou.com/gateway/crm/seller/manager/querySellerSearchResult

Recommendation

Rename and describe the skill as a merchant lookup tool, or change the workflow to actually perform domain testing. Make any corporate API use explicit before invocation.

What this means

The agent may read local identity information and use it when contacting an internal service, without the user being clearly warned during installation.

Why it was flagged

The skill uses a local credential/config value as identity input for the API call, even though the registry requirements declare no primary credential or required config path.

Skill content

`${username}` is obtained from local credentials (reads the username from the `~/.openclaw/username` config file)

Recommendation

Declare the required config path and identity use in metadata, explain what account authority is used, and require explicit user confirmation before using local credentials.

What this means

Internal seller-search results could be exposed to the invoking user if the agent has access to the corporate endpoint.

Why it was flagged

The skill instructs the agent to call a raw internal API and return the response directly, with no stated authorization check, confirmation step, or output minimization.

Skill content

Endpoint: POST https://merchant-lego.corp.kuaishou.com/gateway/crm/seller/manager/querySellerSearchResult ... ## Result handling - Return the HTTP endpoint's response directly to the user

Recommendation

Add clear authorization and confirmation requirements, restrict the query scope, and filter returned data to only what the user explicitly requested.