Skill v2.0.3

ClawScan security

Travel In China · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Mar 11, 2026, 7:52 PM
Verdict
suspicious
Confidence
high
Model
gpt-5-mini
Summary
The skill's behavior (reading sensitive Feishu credentials and writing PII to a Feishu table) matches its stated purpose, but the package/registry metadata does not declare the required environment variables or provenance, creating a provenance/permissions mismatch that you should resolve before installing.
Guidance
This skill appears to be what it says (a Feishu Bitable-backed inbound-travel lead collector) and the code only talks to open.feishu.cn; however, the registry metadata did not declare the required environment variables, while SKILL.md and tools.py do require sensitive credentials (FEISHU_APP_SECRET, etc.). Before installing:
1) Verify the skill's source repository (inspect the GitHub link) and confirm the code there matches the packaged files.
2) Only provide FEISHU_APP_SECRET to this skill if you trust the source; create a Feishu app with minimal permissions and add it only to the specific table.
3) Use a test/dummy table or limited account for initial trials, and rotate credentials afterward.
4) Confirm legal/privacy requirements for storing PII in the chosen Feishu table (consent, retention, access controls).
If you can update the registry metadata to list the required env vars and a verified source URL, that would resolve the main incoherence and increase trust.

Review Dimensions

Purpose & Capability
concern: The skill's name, README, SKILL.md and code consistently describe a Feishu (Bitable) integration for collecting travel leads; the Feishu credentials requested by the code (App ID/Secret, base token, table ID) are appropriate for that purpose. However, the registry metadata at the top of the report claims 'Required env vars: none' and 'Primary credential: none' even though both SKILL.md and tools.py clearly require and use FEISHU_APP_ID, FEISHU_APP_SECRET, FEISHU_BASE_TOKEN and FEISHU_TABLE_ID. That metadata mismatch is an incoherence and a provenance/permission red flag.
Instruction Scope
ok: SKILL.md instructs the agent to collect personal and trip-related fields (name, contact, nationality, dates, budget, dietary/visa needs) and to submit them to a Feishu Bitable. The instructions and the tool functions align: the code only sends data to the official Feishu API endpoints and does not attempt to read unrelated local files or external endpoints. Note: collecting PII is expected for this skill but requires appropriate user consent and data-handling controls.
Install Mechanism
ok: There is no install spec (instruction-only skill with a small Python tool). requirements.txt only lists 'requests'. No downloads from untrusted URLs or archive extraction are present. README points to a GitHub repo for source, but the registry metadata's 'Source: unknown' is inconsistent with that link; verify the upstream repo before trusting the code.
Credentials
concern: The set of environment variables used by tools.py (FEISHU_APP_ID, FEISHU_APP_SECRET, FEISHU_BASE_TOKEN, FEISHU_TABLE_ID) is reasonable and proportional to the stated Feishu integration. The concern is that the skill metadata did not declare any required env vars or primary credential; this omission makes it easy for a user to miss that they must supply a sensitive App Secret. Also, FEISHU_APP_SECRET is highly sensitive; ensure it is stored securely and that the app has the minimal necessary permissions.
Persistence & Privilege
ok: 'always' is false and the skill does not request persistent system-wide privileges. The code does not modify other skills or system configuration and performs only API calls to Feishu. Autonomous invocation (default) is allowed; combine this fact with credential access when deciding trust, but autonomous invocation alone is not a new risk.