Skillv1.0.0

ClawScan security

ClawHub Automation · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousMar 14, 2026, 5:19 AM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary: The package largely matches its advertised automation features, but there are inconsistencies around credential handling and real external integrations that a user should understand before trusting it in production.
Guidance: This package provides a full local implementation of a workflow engine and simulated connectors for many Chinese platforms, but it does not declare or manage real OAuth credentials or other secrets. If you plan to connect it to production accounts, you will need to supply proper client IDs/secrets and a secure token storage mechanism yourself — the skill currently simulates authorization and returns in-memory tokens. Before installing or granting any access: (1) confirm whether the distributed code will perform live network calls in your environment (the connector code as packaged simulates operations but real adapters may be added later), (2) do not feed real credentials into example scripts unless you review and modify secure storage/transport, and (3) if you need real OAuth, ensure redirect handling and secret storage are implemented safely. Because the metadata omits credential requirements while the code advertises real integrations, treat this package as a prototype/template rather than a production-ready connector without further review.

Review Dimensions

Purpose & Capability: noteThe code implements a workflow engine, connector manager, AI flow generator, template center, execution monitor and permission manager consistent with the 'cross-platform automation' description. However, the skill advertises integrations with real services (WeChat, DingTalk, Feishu, WPS, Tencent Docs, Aliyun Drive) while requesting no environment variables or credentials. Real OAuth client IDs/secrets or API keys are not declared/required by the skill metadata, which is surprising for a tool that claims to perform live cross-platform operations.
Instruction Scope: okSKILL.md and README contain only usage instructions such as 'pip install -r requirements.txt' and run examples/tests. The runtime instructions and examples operate on the packaged Python modules and simulated authorization flows; they do not instruct the agent to read unrelated system files, environment variables, or to exfiltrate data. There are no directives that expand scope unexpectedly.
Install Mechanism: okThere is no install spec in the registry (instruction-only). The package ships source files and a requirements.txt listing common libraries (requests, pyyaml, python-dateutil, schedule). No remote download URLs, archive extraction, or unusual installation steps are present.
Credentials: concernThe skill declares no required environment variables or primary credential, yet it claims to integrate with OAuth-based services. Connector configuration (config/connectors.yaml) lists auth_url and api_base endpoints but no client_id/client_secret handling. The ConnectorManager.authorize(...) method simulates token issuance rather than performing a real OAuth flow. If a user expects live integrations, additional secrets and secure storage will be required — those are not requested or documented by the skill metadata, which may mislead non-technical installers.
Persistence & Privilege: okRegistry flags are default (always:false, agent can invoke autonomously). The code stores auth tokens in memory (ConnectorManager.auths) and does not appear to modify other skills or agent-wide configuration. There is no evidence the skill requests permanent elevated platform presence.