Skillv1.0.0

ClawScan security

Lerwee Fault Handling · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

ReviewMar 13, 2026, 10:52 AM

Verdict: Review
Confidence: medium
Model: gpt-5-mini
Summary: The skill's code and instructions match its stated purpose (submitting scripts to a remote run-script API and polling results), but the package metadata omits required credentials and the shipped .env contains a hard-coded external API endpoint (https://8.lwops.cn) — this mismatch and the external endpoint are unexplained and worth caution.
Guidance: This skill appears to do what it says (submit run-script tasks and poll results), but there are two red flags you should consider before installing or using it: 1) Metadata mismatch: The registry metadata claims no required environment variables, but SKILL.md and the script require LWJK_API_URL and LWJK_API_SECRET. That mismatch could be an oversight or a packaging error — confirm with the author. 2) Preconfigured external endpoint: The included .env sets LWJK_API_URL to https://8.lwops.cn/backend_api. If you populate LWJK_API_SECRET or run the skill as-is, host IPs and script content will be sent to that external service. Only use this skill if you trust and control that endpoint. Preferably replace the URL with your own trusted API endpoint or remove the shipped .env. Practical steps before use: - Ask the publisher to explain and correct the missing metadata (declare LWJK_API_URL and LWJK_API_SECRET). - Verify the API endpoint is one you trust and control. If not, edit .env to point to your internal service or leave it blank. - Do not set LWJK_API_SECRET to any high-privilege credential until you confirm the endpoint's ownership and security posture. - Test in an isolated environment with non-production hosts and non-sensitive scripts to observe exactly what the skill transmits. - Consider disabling autonomous invocation for agents that would run this skill, or restrict which agents/users can invoke it, until you are confident about the endpoint and metadata fixes. If you want, I can draft a short message to the skill author requesting the metadata fix and asking them to justify the default API URL.

Review Dimensions

Purpose & Capability: concernThe SKILL.md and run_script.py require LWJK_API_URL and LWJK_API_SECRET to call /api/v6/devops/run-script and execution-history — these are necessary for the described functionality. However, the registry metadata at the top reports "Required env vars: none" and "Primary credential: none", which is inconsistent. The skill also ships a .env file with a pre-filled API URL pointing to https://8.lwops.cn/backend_api, which is not documented in the registry metadata and may be an unexpected external dependency.
Instruction Scope: concernThe instructions explicitly direct the agent to collect host IPs (from user input, alert context, or conversation history) and send them (plus script content/IDs) to the remote API. That behavior is exactly the skill's purpose but also means potentially sensitive data (host IPs, script content) will be transmitted to the configured API endpoint. The SKILL.md enforces confirmation of hosts before running, which is good, but it gives broad discretion to pull IPs from context — a potential source of accidental data exposure if not carefully controlled.
Install Mechanism: okInstruction-only skill with no install spec. No code is downloaded at install time. The included Python script is self-contained; there is no external install mechanism to review.
Credentials: concernRequesting an API URL and secret (LWJK_API_URL, LWJK_API_SECRET) is proportionate for a remote-run service, but the package metadata didn't declare these required env vars (mismatch). Additionally, the shipped .env contains a preconfigured API URL pointing to an external domain (https://8.lwops.cn/backend_api). That default external endpoint is potentially sensitive because any host IPs, script contents, or other task data will be sent there when the secret is populated. The skill asks for a SECRET environment variable (sensitive) with no provenance or trust information.
Persistence & Privilege: okSkill does not request persistent 'always' inclusion and does not modify other skills or system-wide settings. It reads a local .env and environment variables — normal for an API client — and runs only when invoked.