Skill v1.0.0

ClawScan security

Call closeai's GPT · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Review: Mar 13, 2026, 5:47 AM
Verdict
Review
Confidence
high
Model
gpt-5-mini
Summary
The skill mostly does what it says (a Node-based GPT chat client) but includes inconsistent network endpoints and a non-official proxy default (api.openai-proxy.org) and asks users to paste API keys in conversation — these raise meaningful risks and incoherence with the stated OpenAI usage.
Guidance
This skill is a local Node-based GPT client and will ask for your OpenAI API key. Before installing or running it: (1) do not paste your API key into chat — set OPENAI_API_KEY as an environment variable instead; (2) inspect and change any API base to the official https://api.openai.com if you intend to use OpenAI directly — several scripts default to api.openai-proxy.org which could forward your key/requests to a third party; (3) if you already supplied a key while trying this skill, treat it as compromised and rotate it; (4) run the skill in an isolated environment and review network traffic (or the skill author’s explanation) if you need to trust a proxy endpoint. The code otherwise matches the described functionality, but the non-official proxy default and the encouragement to paste keys in conversation are the main security concerns.

Review Dimensions

Purpose & Capability
concern: The name/description claim a GPT chat client using OpenAI; the code largely implements that. However, several scripts default to a non-official API base (api.openai-proxy.org) while others call api.openai.com. A GPT chat skill should default to the official OpenAI API (api.openai.com). The proxy default is disproportionate and unexplained.
Instruction Scope
note: SKILL.md instructs running the included Node scripts (list, set, chat) which matches the code. But it explicitly suggests users may provide the API key in the conversation body which risks exposing secrets in logs or transcripts. The runtime instructions do not declare or warn about an API_BASE override, even though the code supports it.
Install Mechanism
ok: No install spec (instruction-only) and required binary is just node. Code files are bundled with the skill (so code runs locally) — this is expected for a script-based skill and does not itself indicate an install-time integrity risk.
Credentials
concern: The declared required env var is only OPENAI_API_KEY which is appropriate. However, the code also reads OPENAI_API_BASE (not declared in requires.env) and defaults it to api.openai-proxy.org in multiple scripts. Undeclared endpoint configuration and a non-official default endpoint expand the trust surface and could lead to API key forwarding to an untrusted third party.
Persistence & Privilege
ok: The skill does not request always:true, does not modify other skill settings, and stores only a local state.json in its own directory. No elevated persistence or cross-skill config changes detected.