Skill v1.0.4

ClawScan security

Invoice Verification - 发票查验 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Apr 3, 2026, 10:01 AM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's code and instructions match its stated purpose (calling JisuAPI to verify invoices) and require only a single API key; the one notable mismatch is an undeclared Python dependency (requests).
Guidance
This skill appears to do what it claims: it calls JisuAPI to verify invoice details and needs only the JISU_API_KEY. Before installing:
1) Provide a valid JISU_API_KEY and do not share it publicly; anyone holding the key can issue queries billed to your JisuAPI account.
2) Allow outbound HTTPS to api.jisuapi.com, since the script makes network calls.
3) Install the Python 'requests' package in the runtime; the script imports it but the skill metadata does not declare it.
4) Review JisuAPI pricing, rate limits and data-retention policies; each request consumes your quota and may carry sensitive invoice data.
5) If you operate under strict security policies, run the script in an isolated environment, since it transmits invoice data to a third-party API.
Overall the skill is internally coherent and not suspicious, aside from the undeclared dependency.

Review Dimensions

Purpose & Capability
ok
Name/description, SKILL.md, and the Python script all implement invoice verification via JisuAPI. The required env var JISU_API_KEY and the external endpoint (api.jisuapi.com) align with the stated purpose; the required binary python3 is reasonable.
Instruction Scope
ok
Runtime instructions tell the agent to call the included script with a JSON payload and to set JISU_API_KEY. The script only reads the provided JSON and JISU_API_KEY and issues HTTPS requests to api.jisuapi.com; it does not read unrelated files or system credentials, and it does not forward data to unexpected endpoints.
Install Mechanism
note
There is no install spec (instruction-only), which is low risk. However, the included Python script depends on the third-party 'requests' package, which is not declared in the metadata or install instructions: a functional/dependency mismatch (operational, not obviously malicious). Ensure the runtime has requests available or add an install step (pip install requests).
Credentials
ok
Only a single API credential (JISU_API_KEY) is required, and it is the stated primary credential. No other secrets, config paths, or unrelated environment variables are requested.
Persistence & Privilege
ok
The skill is not always-enabled and does not request system-wide persistence. It does not modify other skills or system config. Autonomous invocation is allowed (platform default) but is not combined with other red flags.