Skill v1.0.3

ClawScan security

OPC商城 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Apr 24, 2026, 4:48 AM
Verdict
benign
Confidence
medium
Model
gpt-5-mini
Summary
The skill's behavior matches its description (it uses curl to call the listed e‑commerce endpoints and asks for phone/consignee/address to place orders), but it will transmit personal contact data to an external domain (tools.gangzheng.tech) and the source/homepage is unknown — so verify trust before use.
Guidance
This skill appears coherent for browsing products and placing orders, but it will ask for and send personal contact details (phone number, recipient name, delivery address) to https://tools.gangzheng.tech. Before installing or using it: (1) confirm you trust that domain/operator (there's no homepage listed); (2) insist the agent asks for explicit permission before making any POST/order call (avoid silent or automatic ordering); (3) consider testing with non-sensitive dummy data first; (4) avoid entering highly sensitive addresses or payment tokens here; (5) if you don't want the agent to act autonomously to place orders, disable autonomous invocation or require explicit user confirmation for actions that transmit PII. If you need attribution or a privacy policy for the service, get that from the skill author before using with real customer data.

Review Dimensions

Purpose & Capability
ok: Name/description describe product search, ordering, and reading published stories; the skill only requires curl, and its SKILL.md shows GET/POST calls to e‑commerce endpoints that implement exactly those capabilities. There are no unrelated binaries, credentials, or install steps.
Instruction Scope
note: Instructions are narrowly scoped to: call the listed endpoints, prompt for quantity when absent, and collect phone/consignee/address before POSTing orders. This is appropriate for placing orders, but it explicitly collects and transmits PII (phone number and full delivery address) to an external service. The agent instructions do not reference unrelated files, env vars, or system state.
Install Mechanism
ok: No install spec and no code files; the skill is instruction-only. This minimizes local persistence and filesystem risk. The only runtime requirement is curl, which is reasonable and declared.
Credentials
note: The skill requests no environment credentials (good), but it collects sensitive user-provided contact data required for ordering. Requiring phone/consignee/address is proportionate to the described purpose, but these are personal data, and the SKILL.md will cause them to be sent to an external, third-party domain (tools.gangzheng.tech) with no homepage/owner information in the manifest.
Persistence & Privilege
ok: The "always" setting is false and the skill is instruction-only, so it does not request permanent elevated presence. The skill does allow autonomous invocation by default (platform normal), so consider whether you want the agent to be able to place orders without explicit confirmation.