Skill v1.0.0

ClawScan security

魔盒node服务开发技能包 (MagicBox Node service development skill pack) · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Feb 26, 2026, 9:55 AM
Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary
Instruction-only Node.js/TypeScript development and deployment guideline that matches its description and requests no extra credentials or installs, but it includes several deployment practices that are insecure or suboptimal and should be reviewed before use.
Guidance
This skill is coherent with its description and doesn't request credentials or install software, but review and harden the deployment recommendations before using them in production. Key items to address: avoid running sshd and cron inside containers (prefer sidecars or host tooling), remove or restrict chmod 777 usage (use least privilege), do not store DB passwords in ConfigMaps or plaintext files — use Kubernetes Secrets or a vault, avoid CORS_ORIGIN set to '*' in production, change the npm registry line to a secure HTTPS registry you trust, and tighten filesystem and container startup practices. If you plan to copy these templates into your CI/CD, scan them for secrets and replace ConfigMap-based passwords with secure secret management. If you want, I can produce a hardened version of the Dockerfile, Kubernetes manifests, and config-loading code with secure defaults.

Review Dimensions

Purpose & Capability
ok: The skill is an instruction-only guideline for MagicBox Node service development and deployment. The files (code-style, directory-structure, config-management, container-deployment) are consistent with the stated purpose; there are no unexpected required binaries, env vars, or credentials.
Instruction Scope
note: Instructions stay within the expected scope (project structure, config loading from .env/.env.develop or /etc/magicbox-node/env.config.json, Docker/Kubernetes deployment). They reference reading /etc/magicbox-node/env.config.json and local .env files (expected). However, some runtime recommendations broaden runtime attack surface (starting sshd and crond inside container, setting world-writable permissions) and suggest copying plaintext credentials into ConfigMap — these are scope-consistent but security-risky deployment choices that are not necessary for the stated purpose.
Install Mechanism
ok: No install specification and no code files to run; instruction-only means nothing is downloaded or written by the skill itself — low install risk.
Credentials
note: The skill declares no required environment variables or credentials (proportionate). The guidance does, however, show examples that store DB credentials and secrets in plaintext (ConfigMap/env config), uses CORS_ORIGIN="*", and sets npm registry to an HTTP endpoint — these practices expose sensitive data and are not recommended for production.
Persistence & Privilege
ok: always:false and no install actions; the skill does not request persistent presence or modify other skills or system-wide agent settings. Normal autonomous invocation is allowed (platform default).