Skillv1.0.0

ClawScan security

Weekly Report (OpenClaw) · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

ReviewMar 7, 2026, 4:32 PM

Verdict: Review
Confidence: medium
Model: gpt-5-mini
Summary: The skill's code and runtime instructions mostly match a weekly-report generator, but there are several inconsistencies and operational risks (hard-coded service endpoint, network-intercepting login, and a setup script that runs external installers) that warrant caution before installing or providing credentials.
Guidance: This skill largely does what it says, but take precautions before installing or running it: - Inspect scripts/setup.sh before running; it uses remote installers (curl|sh / PowerShell) which can execute arbitrary code. Prefer manual, vetted installation of dependencies. - Verify and, if needed, change the configured base_url and API IDs: defaults point to a specific IP (http://120.210.237.117:7006) and app/worksheet/view IDs — supplying your corporate credentials without confirming the endpoint could leak access to that host. - Be aware the login routine intercepts network requests and saves the authorization header and cookies to .token_cache. Run the tool in an isolated environment (VM or container) if you must provide real credentials, and delete cache files after use. - If you don't trust the hard-coded defaults, pass an explicit config file (--config) that points to your own instance or remove the default values. - Consider creating a limited-permission service account for the report system and a dedicated LLM API key rather than using a full-privilege personal credential. If you want, I can: (1) summarize exactly what setup.sh does, (2) list the external domains the scripts download from, or (3) produce a checklist of safe install steps (run in VM, inspect files, run in offline mode) to reduce risk.

Review Dimensions

Purpose & Capability: noteThe code implements the stated purpose (login, fetch reports, summarize with an LLM, generate a Word doc). Requesting a site username/password and an LLM API key is consistent with the feature set. However, registry metadata earlier listed no required env vars while SKILL.md and the code clearly require WEEKLY_REPORT_USERNAME, WEEKLY_REPORT_PASSWORD, and DEEPSEEK_API_KEY — this metadata mismatch is unexpected and should be resolved.
Instruction Scope: concernLogin code uses Playwright to observe network requests and capture an authorization header (it looks for a substring like 'md_pss_id'), and it restores cookies and intercepts API responses to extract data. Capturing network requests and saving tokens/cookies is invasive by design (to obtain auth), but it also means the skill can capture any authorization headers visible in that browser session. The SKILL.md instructs running a setup script and provides commands that will install tooling and run Playwright; these steps expand the runtime scope beyond simple API calls.
Install Mechanism: concernThere is no platform-level install spec in the registry, but SKILL.md requires running scripts/setup.sh (and provides curl|sh / powershell install snippets). The manual instructions include piping installers from external URLs (e.g., astral.sh for 'uv') and running Playwright installer commands. Running curl | sh / remote PowerShell and installing browser runtimes is higher risk: it downloads and executes code from external hosts outside the skill bundle. Review scripts/setup.sh before running and prefer installing dependencies from trusted package managers.
Credentials: noteThe environment variables requested by the skill (WEEKLY_REPORT_USERNAME, WEEKLY_REPORT_PASSWORD, DEEPSEEK_API_KEY) are plausible for logging into a report system and calling an LLM. However, the default configuration contains a hard-coded base_url that points to an IP (http://120.210.237.117:7006/hap) and embedded worksheet/app/view IDs. That means credentials you supply will be used to access that specific host by default — verify this is the intended target before providing sensitive credentials. Also the registry metadata omitted environment requirements, which is inconsistent.
Persistence & Privilege: okThe skill does not request 'always: true' and does not modify other skills. It caches tokens and data in local files (.token_cache, .data_cache) in the working directory — expected for this tool but note persisted tokens/cookies are stored on disk. No system-wide configuration changes are requested by the code.