Skill v1.0.0

ClawScan security

Lingxing Erp · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Apr 30, 2026, 8:55 AM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill appears to be a fairly straightforward wrapper for Lingxing's OpenAPI, but the package metadata does not declare the credentials the SKILL.md says are required and the presence of an executable script merits inspection before providing secrets or invoking write APIs.
Guidance
This package appears to be an API wrapper for Lingxing and legitimately needs an App ID and App Secret. However, the registry metadata does not list those credentials even though SKILL.md instructs you to set LINGXING_APP_ID and LINGXING_APP_SECRET — that's an inconsistency. Before installing or supplying secrets: 1) review scripts/lingxing.py source to confirm it only talks to openapi.lingxing.com and does not leak credentials or call other endpoints; 2) check whether the script can invoke write operations (it can) and avoid using credentials with write requests unless you trust the code; 3) prefer obtaining the wrapper from an official, documented source or the Lingxing vendor if available; and 4) if you proceed, keep credentials scoped and revocable and monitor API activity. If you want, I can scan the included scripts/lingxing.py for network calls, endpoints, and any suspicious code paths (please provide its contents or allow me to inspect it).

Review Dimensions

Purpose & Capability
note: The name, description, and the many reference docs all align with a Lingxing ERP OpenAPI wrapper — the declared endpoints and examples match the stated purpose. However, registry metadata lists no required environment variables or primary credential while SKILL.md explicitly instructs users to set LINGXING_APP_ID and LINGXING_APP_SECRET (and optionally LINGXING_SID). That mismatch is an inconsistency: a wrapper for an authenticated API legitimately needs those env vars.
Instruction Scope
note: Runtime instructions are limited and explicit: run scripts/lingxing.py from the repository root with --api and --params; outputs are JSON to stdout. The SKILL.md documents hundreds of endpoints including some write operations (e.g., refundOrder, adjustPriceManual) and includes cautions for write calls. The instructions do not ask the agent to read unrelated system files or arbitrary env vars, but because the script accepts arbitrary API names and params it can be used to call write endpoints — users should be aware and cautious.
Install Mechanism
ok: No install spec or external downloads are present; the skill is delivered as files in the bundle and invoked by running the included Python script. This is lower-risk than remote fetch/install flows. There is no evidence of arbitrary URL downloads or nonstandard install steps in the metadata.
Credentials
concern: SKILL.md requires LINGXING_APP_ID and LINGXING_APP_SECRET (and optionally LINGXING_SID) for authentication to openapi.lingxing.com, which is proportionate to the stated purpose. However, the registry metadata incorrectly declares no required env vars/primary credential. That inconsistency could cause confusion and accidentally lead users to supply credentials in the wrong place or omit them. Because the skill allows calling write endpoints (noted in references), providing valid credentials grants it potentially destructive capabilities if misused.
Persistence & Privilege
ok: The skill does not request always:true and does not declare any system config paths or surprising privileges. It is user-invocable and allows normal autonomous invocation (disable-model-invocation is false by default). There is no sign it modifies other skills or system settings.