Skill v4.1.0

ClawScan security

Business Information Inquiry Tool · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Apr 30, 2026, 8:09 AM
Verdict
suspicious
Confidence
high
Model
gpt-5-mini
Summary
The skill's description says no credentials or configuration are required, but the bundled code reads multiple API keys and probes several dotenv paths (TAVILY_API_KEY, the KIMI/MOONSHOT/MINIMAX keys, SEARXNG_BASE_URL, etc.) and sends queries to third-party search APIs. The mismatch between the declared requirements and the code, together with the dotfile access, is the concern.
Guidance
This skill is coherent with its stated function (web search plus an HTML report), but it leaves a practical requirement undeclared: the code looks for a Tavily API key and may use host-specific search API keys or a SearXNG base URL. Before installing:
(1) Review the Python files yourself; they are included and readable.
(2) Do not keep unrelated secrets in the dotfiles the script scans (~/.openclaw/workspace/.env, ~/.env, etc.); run the skill in an isolated account or sandbox if possible.
(3) If you do not want external APIs to see your queries, set no API keys and rely on the DuckDuckGo fallback (lower-quality results).
(4) Ask the publisher to update the skill metadata to list the environment variables it uses (TAVILY_API_KEY, the KIMI/MOONSHOT/MINIMAX keys, SEARXNG_BASE_URL) so you can make an informed decision.
(5) If you must proceed, test with a non-sensitive company name and inspect the network calls (or run with the network disabled) to confirm the behavior. If you store secrets in .env files, delete or move them before running this skill.
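Steps (2) and (5) above can be combined into a single dry run. The harness below is an added example, not code from ClawHub or from the skill: it hides every environment variable except an allowlist and replaces the DNS lookup and socket connect calls so that any outbound attempt is recorded and refused instead of reaching the network. `constructed_skill` and the planted secrets are constructed stand-ins for the bundled script and for a host's .env contents; the skill's real file names and entry point are not shown on this page and are assumed.

```python
"""Dry-run harness for an untrusted skill script: scrub the environment down to an
allowlist and refuse outbound connections while recording where the code tried to go.
Added example; not the reviewed skill's code and not ClawHub's scanner."""
import os
import socket
import urllib.parse
import urllib.request
from contextlib import contextmanager


class NetworkBlocked(OSError):
    """Raised instead of connecting. Subclasses OSError so urllib wraps it as URLError."""


@contextmanager
def dry_run(allowed_env=("PATH", "HOME", "LANG")):
    """Hide every env var not in `allowed_env` and block DNS/socket calls for the
    duration of the block. Yields a list that collects attempted (host, port) pairs."""
    saved_env = dict(os.environ)
    for name in list(os.environ):          # API keys loaded from .env or the shell vanish here
        if name not in allowed_env:
            del os.environ[name]
    attempts = []
    real_getaddrinfo, real_connect = socket.getaddrinfo, socket.socket.connect

    def blocked_getaddrinfo(host, port, *args, **kwargs):
        attempts.append((str(host), port))  # name resolution is urllib's first network step
        raise NetworkBlocked(f"blocked DNS lookup for {host!r}")

    def blocked_connect(self, address, *args, **kwargs):
        # Raw sockets handed an IP literal skip getaddrinfo, so guard connect() as well.
        attempts.append((str(address[0]), address[1]) if isinstance(address, tuple)
                        else (str(address), None))
        raise NetworkBlocked(f"blocked connect to {address!r}")

    socket.getaddrinfo, socket.socket.connect = blocked_getaddrinfo, blocked_connect
    try:
        yield attempts
    finally:
        socket.getaddrinfo, socket.socket.connect = real_getaddrinfo, real_connect
        os.environ.clear()
        os.environ.update(saved_env)


def constructed_skill(query: str) -> bytes:
    """Constructed stand-in for a bundled search script: uses Tavily if a key is in the
    environment, otherwise falls back to DuckDuckGo. Not the reviewed skill's code."""
    if os.environ.get("TAVILY_API_KEY"):
        url = "https://api.tavily.com/search"
    else:
        url = "https://html.duckduckgo.com/html/?q=" + urllib.parse.quote(query)
    return urllib.request.urlopen(url, timeout=5).read()


def probe(skill, host_env: dict, allow: tuple = (), query: str = "Example Co") -> dict:
    """Plant `host_env` as if it were the host's secrets, run `skill` under dry_run, and
    report which secrets the skill could see and which hosts it tried to contact."""
    os.environ.update(host_env)
    try:
        with dry_run(allowed_env=("PATH", "HOME", "LANG") + tuple(allow)) as attempts:
            visible = sorted(k for k in host_env if k in os.environ)
            try:
                skill(query)
                outcome = "completed"
            except Exception as exc:          # NetworkBlocked surfaces as urllib's URLError
                outcome = type(exc).__name__
    finally:
        for k in host_env:
            os.environ.pop(k, None)
    return {"secrets_visible": visible, "outcome": outcome,
            "destinations": sorted({host for host, _ in attempts})}


if __name__ == "__main__":
    # Constructed host secrets: one the skill wants, one it has no business reading.
    secrets = {"TAVILY_API_KEY": "tvly-constructed", "UNRELATED_DB_PASSWORD": "hunter2"}
    print(probe(constructed_skill, secrets))                             # scrubbed: DDG fallback
    print(probe(constructed_skill, secrets, allow=("TAVILY_API_KEY",)))  # key visible: Tavily
```

Run it once with nothing allowed to see which fallback path the code takes with no keys, then once with only the key you intend to provide; anything that shows up in `destinations` beyond the endpoints the skill documents, or any secret in `secrets_visible` you did not allow, is a reason to stop. The harness is in-process, so it only covers Python code that goes through the `socket` module; a skill that shells out to curl needs an OS-level sandbox instead.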

Review Dimensions

Purpose & Capability
concern: The skill's metadata lists no required environment variables or credentials, yet the code and SKILL.md expect and prefer a Tavily API key, and optionally host-native search keys (KIMI_API_KEY / MOONSHOT_API_KEY / MINIMAX_*) and a SEARXNG_BASE_URL. These credentials are consistent with a web-search based intelligence tool, but their absence from the declared requirements is an inconsistency that prevents an informed risk assessment.
Instruction Scope
concern: SKILL.md and the Python scripts instruct the agent to run a four-layer search chain (Tavily → host native → SearXNG/DDG → web_fetch) and to deep-fetch pages (Baike, qcc, tianyancha, eastmoney, etc.). The runtime instructions and code also read environment variables and specific dotfiles (e.g. ~/.openclaw/workspace/.env, ~/.env and other workspace .env paths) to discover API keys. Reading those dotfiles can expose unrelated secrets on the host: the instructions give the agent broad discretion to open local env files and to contact multiple external endpoints, which extends the data the skill can reach well beyond the stated single-purpose data extraction.
Install Mechanism
note: No install spec (instruction-only); the skill ships with Python scripts and templates only. That keeps install risk low (nothing is downloaded during install). The provided code uses only Python standard libraries (urllib, re, json), so no external package install is required; installation is therefore low risk, but the code will perform network I/O at runtime.
Credentials
concern: Despite metadata declaring no required env vars, the code actively looks for and uses multiple environment variables and dotenv files: TAVILY_API_KEY (primary), KIMI_API_KEY / MOONSHOT_API_KEY, MINIMAX_CODE_PLAN_KEY / MINIMAX_CODING_API_KEY, SEARXNG_BASE_URL and more. It also enumerates several candidate .env file locations. Requesting or reading these values is proportionate for a tool that calls external search APIs, but the skill should have declared them. In addition, probing common .env paths risks exposing other, unrelated credentials stored in those files.
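The mismatch flagged under Purpose & Capability and again here under Credentials can be checked mechanically before install. The static audit below is an added example, not the scanner's implementation: it extracts the environment variables a Python source reads, the dotenv paths it names and the hosts it hard-codes, then compares the variables against what the metadata declares. `SAMPLE_SOURCE` is a constructed stand-in that imitates the pattern this review describes; it is not the skill's actual code, and the path and host literals in it are assumptions.

```python
"""Static audit of a skill's Python source: which env vars, dotenv paths and hosts does it
touch, and does that agree with the metadata? Added example; not ClawHub's scanner."""
import re
from collections import namedtuple

# Constructed stand-in for a bundled script (assumption: not the reviewed skill's code).
SAMPLE_SOURCE = '''
import os, json, urllib.request
from pathlib import Path

DOTENV_CANDIDATES = [Path.home() / ".openclaw/workspace/.env", Path.home() / ".env"]

def load_keys():
    for p in DOTENV_CANDIDATES:
        if p.exists():
            for line in p.read_text().splitlines():
                if "=" in line:
                    k, v = line.split("=", 1)
                    os.environ.setdefault(k.strip(), v.strip())
    return {
        "tavily": os.environ.get("TAVILY_API_KEY"),
        "kimi": os.getenv("KIMI_API_KEY") or os.getenv("MOONSHOT_API_KEY"),
        "searx": os.environ.get("SEARXNG_BASE_URL", ""),
    }

def search(q, keys):
    if keys["tavily"]:
        return urllib.request.urlopen("https://api.tavily.com/search").read()
    return urllib.request.urlopen("https://html.duckduckgo.com/html/?q=" + q).read()
'''

# os.environ.get("X"), os.getenv("X"), os.environ["X"] with a literal name
ENV_READ = re.compile(r"os\.(?:environ\.get|getenv|environ\[)\s*\(?\s*[\"']([A-Z0-9_]+)[\"']")
# any string literal ending in .env, i.e. a dotenv file the code may open
DOTENV_PATH = re.compile(r"[\"']([^\"']*\.env)[\"']")
# hard-coded http(s) endpoints; the host part is what matters for egress review
URL_HOST = re.compile(r"https?://([A-Za-z0-9.-]+)")

AuditResult = namedtuple("AuditResult", "env_vars dotenv_paths hosts undeclared")


def audit(source: str, declared_env: set) -> AuditResult:
    """Collect what the code reads and reaches, and flag env vars the metadata omits."""
    env_vars = sorted(set(ENV_READ.findall(source)))
    dotenv_paths = sorted(set(DOTENV_PATH.findall(source)))
    hosts = sorted(set(URL_HOST.findall(source)))
    undeclared = [v for v in env_vars if v not in declared_env]
    return AuditResult(env_vars, dotenv_paths, hosts, undeclared)


def verdict(result: AuditResult) -> str:
    """Undeclared credentials or dotenv probing both block an informed install decision."""
    return "suspicious" if (result.undeclared or result.dotenv_paths) else "ok"


if __name__ == "__main__":
    # The reviewed metadata declares no env vars at all, so the declared set is empty.
    res = audit(SAMPLE_SOURCE, declared_env=set())
    print(res)            # env vars, dotenv paths, hosts, undeclared names
    print(verdict(res))   # suspicious
```

The regexes only catch literal names and URLs; a key assembled at runtime or a host read from a config file will not appear, so treat an empty result as "nothing obvious", not "clean". For a thorough pass, walk the `ast` module's tree for `Attribute`/`Subscript` nodes on `os.environ` instead of grepping, and run the code under a network-blocking dry run as well.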
Persistence & Privilege
ok: The skill is not force-enabled (always: false) and does not request persistent installation or modify other skills. It performs network calls at runtime but does not request elevated agent privileges or persistently alter agent configuration.