Skill v1.0.0
ClawScan security
Lerwee Alert Inspection · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Review · Mar 13, 2026, 10:52 AM
- Verdict: Review
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's code and SKILL.md require an API URL and secret and POST monitoring data to that endpoint, but the registry metadata does not declare those required credentials. This mismatch, together with the runtime behavior (generating and executing a temporary script, outbound network calls), warrants caution.
- Guidance: Before installing or running this skill, note that:
  1. It requires LWJK_API_URL and LWJK_API_SECRET, which the registry did not declare, and will send paginated POST requests to that API. Verify that the URL is a trusted internal endpoint and only provide a secret you are willing to send to it.
  2. It reads skills/alert-inspection/.env by default. Check that file, and remove it if it points at an endpoint you do not control.
  3. At runtime it creates a temporary Python export script under /tmp from a template with placeholders replaced, and executes it. Review the template (references/export_excel_template.py) and make sure the runtime environment is one you are prepared to run generated code in.
  4. Python runtime dependencies (e.g. openpyxl) are required but not declared in the metadata; run in a sandbox or a prepared environment.
  5. To review the behavior without any network calls, run generate_report.py with --hosts-file and --problems-file pointing at local JSON files.
  If you plan to use this in production, update the registry metadata to declare LWJK_API_* as required, and audit the LWJK_API_URL host and the code against your security policies.
Review Dimensions
- Purpose & Capability (concern): The skill's description says it fetches monitoring data and exports reports. The code and SKILL.md consistently require LWJK_API_URL and LWJK_API_SECRET and perform paginated POST requests to that API, which is coherent with the stated purpose. However, the registry metadata declares no required environment variables or primary credential, which is inconsistent and misleading: depending on the values in skills/.env, the skill will either fail or attempt network calls. The code also reads a local .env file by default (skills/alert-inspection/.env).
- Instruction Scope (note): SKILL.md prescribes precise runtime behavior: two separate host-list queries with explicit active_status parameters, generation of a temporary export script (copied into /tmp and executed), writing normalized JSON and an .xlsx, and returning the file path and markdown. This scope is narrow and aligned with the purpose, but the instruction to generate and execute a temporary Python script (with placeholder replacement) raises the risk because it runs dynamically generated code at runtime, even though the template is included in the repo and simply reads local JSON and writes an Excel file.
- Install Mechanism (ok): There is no install spec (instruction-only, with included Python scripts), which minimizes install-time risk. However, runtime dependencies (e.g. openpyxl) are not declared in the metadata; the environment must already have those Python packages installed or the export step will fail.
- Credentials (concern): The skill requires LWJK_API_URL and LWJK_API_SECRET (documented in SKILL.md and used in the code), but the registry metadata lists no required env vars or primary credential. The included .env sets LWJK_API_URL to http://192.168.1.79/backend_api (a private-range IP, over plaintext HTTP) and leaves LWJK_API_SECRET empty. Requesting an API endpoint and secret is reasonable for fetching monitoring data, but not declaring them in the registry is a mismatch that can hide the need to supply secrets. The code signs requests and POSTs data to the configured API, so sensitive monitoring data will be transmitted to whatever host LWJK_API_URL names.
- Persistence & Privilege (ok): The skill is not always-enabled and does not request elevated platform privileges. It writes outputs to the specified reports directory and creates and executes a temporary script under /tmp for the export; it does not modify other skills or system-wide configuration. These behaviors are normal for a data-export skill, but the execution of a generated script should be weighed when evaluating runtime trust.
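The Instruction Scope and Persistence dimensions both turn on one point: a script rendered from a template by placeholder replacement and then executed is code whose final text depends on runtime values. The following added illustration (not the skill's code; the templates are constructed stand-ins for references/export_excel_template.py, and this review makes no claim that the real template is exploitable) shows what a reviewer checks: whether a substituted value can change the statement structure of the rendered script, detected with the `ast` module rather than string matching, and the safer shape in which the script is fixed, pinned by hash at review time, given its parameters through argv, and run with a stripped environment so inherited secrets such as LWJK_API_SECRET do not reach the child process.

```python
"""Template-render-then-execute: the hazard and a safer shape (added
illustration; constructed templates, not the skill's own)."""
import ast
import hashlib
import json
import os
import subprocess
import sys
import tempfile

# Constructed template in the "replace placeholder, then run" style.
TEMPLATE = 'import json\nhosts = json.load(open("__HOSTS__"))\nprint(len(hosts))\n'

# A constructed value shaped to close the string literal and add statements
# if it is pasted into source text as-is.
CRAFTED_PATH = 'x.json")); print("injected"); hosts = json.load(open("'


def render_by_replace(template, hosts_path):
    """Raw text substitution into source: the value becomes code."""
    return template.replace("__HOSTS__", hosts_path)


def render_quoted(template, hosts_path):
    """Substitute a Python string literal (repr) so the value stays data."""
    return template.replace('"__HOSTS__"', repr(hosts_path))


def statements_added(template, rendered):
    """True if rendering changed the top-level statement structure, i.e. the
    substituted value escaped its literal. Compares ASTs, not strings."""
    baseline = [type(n).__name__ for n in ast.parse(render_quoted(template, "x")).body]
    actual = [type(n).__name__ for n in ast.parse(rendered).body]
    return actual != baseline


# Safer shape: the script text is fixed and parameters arrive via argv, so no
# caller input ever reaches the interpreter as source text.
FIXED_SCRIPT = 'import json, sys\nhosts = json.load(open(sys.argv[1]))\nprint(len(hosts))\n'
# In practice this digest is recorded when the script is reviewed and pinned.
FIXED_SCRIPT_SHA256 = hashlib.sha256(FIXED_SCRIPT.encode()).hexdigest()


def run_fixed_script(script, expected_sha256, hosts_path, timeout=30):
    """Write the reviewed script into a private temp dir, confirm it is
    byte-for-byte the reviewed version, then run it with a minimal env."""
    if hashlib.sha256(script.encode()).hexdigest() != expected_sha256:
        raise ValueError("script differs from the reviewed version")
    with tempfile.TemporaryDirectory() as d:  # created 0700, removed afterwards
        path = os.path.join(d, "export.py")
        with open(path, "w") as f:
            f.write(script)
        env = {"PATH": os.environ.get("PATH", "")}  # no inherited secrets
        out = subprocess.run([sys.executable, path, hosts_path], env=env,
                             capture_output=True, text=True, check=True,
                             timeout=timeout)
    return out.stdout


def demo():
    """Constructed two-host JSON file; returns
    (unsafe_render_escaped, quoted_render_escaped, fixed_script_output)."""
    with tempfile.NamedTemporaryFile("w", suffix=".json", delete=False) as f:
        json.dump([{"host": "a"}, {"host": "b"}], f)
    try:
        unsafe = statements_added(TEMPLATE, render_by_replace(TEMPLATE, CRAFTED_PATH))
        quoted = statements_added(TEMPLATE, render_quoted(TEMPLATE, CRAFTED_PATH))
        fixed = run_fixed_script(FIXED_SCRIPT, FIXED_SCRIPT_SHA256, f.name).strip()
    finally:
        os.unlink(f.name)
    return unsafe, quoted, fixed


if __name__ == "__main__":
    print(demo())  # (True, False, '2')
```

The AST comparison is the check worth keeping even if the skill's template is left as it is: run it over the actual rendered /tmp script before execution, and refuse to run anything whose statement list differs from the reviewed template's.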
