Skill v1.0.0

ClawScan security

Health Industry Specialist · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Apr 24, 2026, 3:21 AM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill's documentation claims automated integrations (Douyin/WeChat/appointments/payments) and lists runtime scripts, but there are no scripts, no install steps, and it requests no credentials — the pieces don't add up and could be honest incompleteness or an attempt to mislead.
Guidance
This package looks like a set of business templates, content guidance and pseudocode rather than a working integration. Before installing or using it for real customer data: (1) Ask the publisher for the missing scripts and for exact details of how external integrations (Douyin, WeChat, payment) are authenticated and where credentials are stored. (2) Do not provide real API keys, payment credentials, or personal health data until you review the actual integration code and security practices. (3) If you expect automated messaging/appointments, require a security review of any code that will access webhooks or third-party APIs and insist on least-privilege service accounts and auditing. (4) If the skill will process personal medical data, verify legal/regulatory compliance (local health data rules) and encryption/access controls. (5) If the author cannot provide the missing executable components and a clear integration plan, treat the skill as documentation-only and do not rely on it for automated operations.
Findings
[no_regexp_findings] expected: The regex-based scanner had no code to analyze because this is instruction-only and no code files are present. That absence of findings is expected for an instruction-only package but does not imply safety.

Review Dimensions

Purpose & Capability
[concern] The description promises CRM, appointment automation, Douyin/WeChat integration, payment sync and automatic replies — capabilities that normally require API credentials, integration code, and installable components. However, the skill declares no required env vars, no binaries, no install, and no code files. That mismatch suggests the skill as-published cannot actually perform the stated automated integrations.
Instruction Scope
[note] SKILL.md and the reference docs are primarily guidance, templates, and pseudocode. They do not instruct the agent to read local secret files or call external endpoints, which is good, but they refer to automated behaviors (e.g., '抖音私信自动接入CRM' ("Douyin direct messages automatically routed into the CRM"), '预约系统对接抖音本地生活' ("appointment system connected to Douyin Local Life")) without specifying how credentials or endpoints are provided. The instructions are high-level and leave broad implementation discretion, which is vague and could hide assumptions about external access.
Install Mechanism
[concern] There is no install spec (instruction-only), which is low-risk in itself, but SKILL.md lists a scripts/ directory (appointment-system.js, data-analysis.js, content-generator.js) whose files are not present in the package. That discrepancy is an incoherence: the skill references executable components that aren't shipped. It's unclear whether those scripts are expected to be provided at runtime, fetched dynamically, or simply omitted.
Credentials
[concern] The skill claims integrations with Douyin, WeChat, payment gateways and data synchronization, which normally require multiple credentials and webhook/config paths. Yet requires.env is empty and no primaryEnv is declared. Requesting no credentials while promising such integrations is disproportionate and ambiguous — either the skill cannot perform those tasks, or it expects the agent to obtain credentials by other means (not specified).
Persistence & Privilege
[ok] The skill does not request persistent presence (always:false) and defaults for autonomous invocation are standard. There is no indication it modifies other skills or system-wide configuration. Note: autonomous invocation combined with broad integration access would increase risk, but that's not present here.