Skillv1.1.0

ClawScan security

qieman-mcp · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

ReviewMar 14, 2026, 9:23 AM

Verdict: Review
Confidence: high
Model: gpt-5-mini
Summary: The skill's stated purpose (financial data/analysis) matches its runtime behavior, but the SKILL.md requires installing a third‑party CLI and obtaining/configuring an API key (including providing a phone number and personal/org info) while the metadata declares no credentials or required binaries — this mismatch and the implied external install raise privacy and supply‑chain concerns.
Guidance: This skill appears to do what it says (talk to a qieman MCP service via a CLI) but the package installation and API key steps are not declared in the skill metadata — that mismatch is a red flag. Before installing or using it: (1) verify the authenticity of the qieman-mcp-cli npm package (check the package page, publisher, version history, and source repository), (2) prefer installing in a sandbox/VM or isolated environment rather than on your primary machine, (3) avoid giving organizational or highly sensitive phone/account info during signup — consider using a disposable account or phone if possible, (4) understand where the API key will be stored (local CLI config) and how to revoke it, (5) confirm the registry URL is intended (registry.npmmirror.com is a mirror) and consider using the official npm registry if you trust the package publisher, and (6) ask the skill author/maintainer to update the skill metadata to declare the API key and CLI dependency so the required privileges are explicit. If you cannot verify the npm package/source, treat this skill as higher risk and avoid installing it.

Review Dimensions

Purpose & Capability: noteThe skill claims financial-query and analysis capabilities and its instructions call a qieman MCP CLI to provide those features — that is coherent. However the package and API key required to use that service are not declared in the skill metadata (metadata lists no required binaries or credentials), creating an inconsistency between claimed requirements and actual runtime needs.
Instruction Scope: concernSKILL.md tells the agent/user to install and run the external CLI (qieman-mcp-cli), to obtain an API key via a web signup flow that requires a phone/SMS and potentially personal or institutional details, and to copy the API key into local CLI config. These instructions involve collecting personal data and storing a credential locally; they also direct visits to specific web endpoints (logout, activation, account pages). The skill does not instruct reading unrelated local files, but the manual signup and credential handling broaden the privacy surface.
Install Mechanism: concernThere is no built-in install spec in the skill bundle, but the reference workflow recommends npm install -g qieman-mcp-cli using the npmmirror registry. That requires fetching and installing third‑party code into the environment (global npm install) — a moderate supply‑chain risk. The skill metadata failing to declare this external dependency increases the concern.
Credentials: concernMetadata declares no required credentials, yet the runtime flow mandates obtaining and configuring an API key for qieman-mcp-cli. The skill will therefore require a sensitive secret (API key) and collection of a phone number and other personal/org info during signup, none of which are reflected in the declared requirements. This mismatch makes it unclear what secrets will be stored or transmitted and to whom.
Persistence & Privilege: okThe skill is instruction-only, has always:false, and does not request permanent platform privileges or claim to modify other skills or system-wide settings. Autonomous invocation is permitted by default (not a separate risk here) and should be considered in combination with the other concerns above.