Skill v1.0.0

ClawScan security

JD.com Shop Product List API · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign (Apr 29, 2026, 4:07 AM)
Verdict: Benign
Confidence: high
Model: gpt-5-mini
Summary
The skill is internally consistent with its stated purpose (calling JustOneAPI's JD shop item-list endpoint) and only requests the expected token and node runtime; no obvious misdirection or hidden exfiltration is present.
Guidance
This skill appears to do exactly what it claims — call JustOneAPI's JD shop item-list endpoint — and only asks for the JustOneAPI token and node to run the helper. Before installing, consider: 1) Tokens are sent as a URL query parameter and shown on the command line in the provided example, which can be exposed via process listings, shell history, or logs; prefer using short-lived tokens or modify the helper to read process.env.JUST_ONE_API_TOKEN directly to avoid passing secrets on the command line. 2) Verify you trust https://api.justoneapi.com and the owner before providing credentials. 3) The included node script prints only the backend JSON; the SKILL.md expects the agent to summarize it — this is a formatting note, not a security issue. If you need lower risk, request a version that reads the token from the environment and avoids placing it in the URL or command-line arguments.

Review Dimensions

Purpose & Capability: ok
Name/description, required binary (node), declared env var (JUST_ONE_API_TOKEN), and the included run.mjs script all align with a small API wrapper for JustOneAPI's JD.com shop item list endpoint.
Instruction Scope: note
SKILL.md confines actions to calling the documented GET endpoint and prompting for the required shopId. It instructs how to run the bundled node helper and how to format output. Note: the helper sends the auth token as a query parameter and the SKILL.md example passes the token via a command-line flag ("--token \"$JUST_ONE_API_TOKEN\""). Both behaviors are functional but can lead to accidental exposure (see environment_proportionality).
Install Mechanism: ok
No install spec; instruction-only plus a small included Node script. Nothing is downloaded from arbitrary URLs or written to unusual locations.
Credentials: note
Only JUST_ONE_API_TOKEN is required, which is appropriate for this API. However, the token is passed to the helper as a CLI argument and appended to the request URL as a query parameter — this may expose the token in process listings, shell history, or network/proxy logs. The skill itself does not request unrelated secrets.
Persistence & Privilege: ok
The skill is not always-enabled, does not request system-wide config paths, and does not modify other skills or global settings.