Back to skill
Skillv1.0.0
ClawScan security
Bailian KnowledgeBase Retrieve · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignFeb 24, 2026, 2:34 PM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill's code, instructions, and requested credentials align with its stated purpose of retrieving vectorized documents from an Alibaba-hosted knowledgebase; no evidence of unrelated data access or hidden endpoints was found.
- Guidance
- This skill appears coherent and performs exactly what it says: it will send your query and the provided DASHSCOPE_API_KEY and KNOWLEDGEBASE_ID to the Dashscope/Aliyun retrieve endpoint and print returned documents. Before installing or using it, verify the following: (1) only provide an API key that is scoped/limited to the specific knowledgebase (avoid sharing full account/root keys); (2) confirm you trust the skill source and the Alibaba endpoint used (dashscope.aliyuncs.com) because responses may contain proprietary content; (3) ensure the runtime environment has the Python 'requests' package installed (the SKILL.md only lists python3); (4) consider using short-lived or revocable credentials and auditing access logs on your knowledgebase; and (5) avoid passing highly sensitive queries unless you are comfortable that the remote service and provided API key are trusted and access-controlled.
Review Dimensions
- Purpose & Capability
- okName/description (Bailian KnowledgeBase retrieve) matches what the code does: it sends a search request to an Alibaba/Dashscope retrieve API using a knowledgebase ID and API key. The requested env vars (DASHSCOPE_API_KEY, KNOWLEDGEBASE_ID) are directly used by the script.
- Instruction Scope
- okSKILL.md instructs running scripts/retrieve.py with a query and optional count. The script only reads the two declared environment variables, constructs an API request to dashscope.aliyuncs.com, and prints the JSON response. There are no commands that read arbitrary files, shell history, other env vars, or send data to unexpected endpoints.
- Install Mechanism
- noteThis is instruction-only (no install spec), so nothing is written to disk by an installer. Minor mismatch: the Python script imports the third-party 'requests' library but SKILL.md/metadata only require 'python3' (it does not declare that 'requests' must be present). Users must ensure the runtime has the 'requests' package installed.
- Credentials
- okThe skill requires two env vars: an API key (primaryEnv) and a knowledgebase ID. Both are proportionate and used exclusively to authenticate and target the retrieve request. No unrelated credentials or broad system config paths are requested.
- Persistence & Privilege
- okSkill is not always-installed and does not request persistent system changes. It does not modify other skills or system-wide settings. Autonomous model invocation is allowed by default but is not combined with other concerning privileges.