Skill v1.0.0

ClawScan security

FlowBridge · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 16, 2026, 2:19 AM
Verdict
Benign
Confidence
medium
Model
gpt-5-mini
Summary
The skill's code and instructions align with its stated purpose as a demo/no‑code automation framework, but it simulates platform authorization and does not request real credentials — review omitted files and how you would supply real OAuth secrets before using in production.
Guidance
This package appears to be a self‑contained demo framework that simulates connectors rather than performing real OAuth/API calls. Before installing or using it in production:
1) inspect the omitted/full files (workflow_engine, permission_manager, template_center) for any network calls, filesystem access, or hardcoded endpoints;
2) if you intend to connect real services, plan to provide proper OAuth client IDs/secrets and implement secure storage (the skill currently does not request them);
3) run the code in a sandboxed environment first and review any log/export functionality to ensure no unintended data exposure;
4) avoid pip installing untrusted packages system‑wide — use a virtualenv.
If you want stronger assurance, request that the author/source document how real authentication and token storage are handled and provide an explicit privacy/security design.

Review Dimensions

Purpose & Capability
Status: note
Name/description promise real cross‑platform integration (WeChat, DingTalk, Feishu, WPS, Tencent Docs, Aliyun Drive). The included code defines connectors and OAuth endpoints, but the connector implementation simulates authorization/token issuance in memory and no environment variables or client secrets are requested. This is coherent for a local demo or simulator, but would be incomplete for a production connector that must store client IDs/secrets and perform real HTTP OAuth flows.
Instruction Scope
Status: ok
SKILL.md and README instruct running tests, pip installing requirements, and importing the package. The runtime instructions do not tell the agent to read system files, secrets, or send data to unexpected external endpoints. Example code manipulates sys.path to import local scripts (normal for examples).
Install Mechanism
Status: ok
No install spec; code is delivered in the skill bundle and requirements.txt lists common libraries (requests, pyyaml, python-dateutil, schedule). No downloads from arbitrary URLs or archive extraction were specified. Risk from installation is typical for third‑party Python code (review before pip installing).
Credentials
Status: note
The skill requests no environment variables or external credentials even though its declared purpose is integrating with external platforms that normally require OAuth client IDs/secrets. The provided connector code creates mock tokens in memory rather than performing authenticated network exchanges — acceptable for a demo but incomplete for real integrations. No unrelated secrets or config paths are requested.
Persistence & Privilege
Status: ok
Skill is not always‑on and uses default agent invocation settings. It does not request or attempt to modify other skills' configurations. There is no evidence of writing persistent system‑wide configuration or elevating privileges in the visible code.