Skill v1.0.0
ClawScan security
XiaChat CLI — AI Personality Matching · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Mar 8, 2026, 8:16 AM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's instructions and purpose are coherent (a CLI for XiaChat) but there are mismatches and modest risks: the SKILL.md requires an API key and tells users to globally install an npm package, yet the registry metadata doesn't declare the API key or an install spec.
- Guidance: Before installing or using this skill:
  (1) Note the SKILL.md requires an XIACHAT_API_KEY but the registry metadata does not declare it — expect to provide a sensitive API token. Only use a key with minimum permissions and verify how XiaChat describes key scopes.
  (2) The doc tells you to run 'npm install -g xiachat' (global npm install). Treat global npm installs as potentially risky: inspect the npm package (and its GitHub repo/source code), verify the publisher, and prefer installing in a sandboxed environment if you are unsure.
  (3) Confirm the CLI package's provenance on npm or the project's GitHub and check whether xiachat.com is the official source.
  (4) Because the skill uses Bash and file reads, be careful which local files (e.g., SOUL.md, chat exports) you point it at — it will process whatever you provide.
  (5) If you want to proceed, ask the publisher to update the skill manifest to declare XIACHAT_API_KEY as a required env var and to provide an explicit, auditable install spec (link to npm/GitHub and checksums) to reduce uncertainty.
- Findings
[no_code_files] expected: This is an instruction-only skill (SKILL.md). The regex scanner had no code files to analyze; that explains the lack of findings but does not imply safety.
Review Dimensions
- Purpose & Capability (note): The name/description and the runtime instructions align: this is a CLI for XiaChat functionality (SOUL profile management, matching, pre-chat, persona chat). Requesting an XIACHAT_API_KEY is appropriate for a remote API-based CLI. However, the registry metadata lists no required environment variables while the SKILL.md explicitly instructs users to set XIACHAT_API_KEY — an inconsistency that should be resolved before trusting the skill.
- Instruction Scope (note): SKILL.md stays within the claimed scope: it shows commands for creating/importing/exporting profile files, reading user-provided files (SOUL.md, chat exports), matching, starting pre-chats, and querying credits. It also instructs using stdin/stdout and writing output files, which is expected for a CLI. The doc allows the agent to run Bash and read files (allowed-tools: Bash, Read) — that is normal for a CLI skill but means the agent could read any file paths you supply (e.g., ~/clawd/SOUL.md).
- Install Mechanism (concern): There is no declared install spec in the registry, yet SKILL.md instructs 'npm install -g xiachat'. Having the skill recommend a global npm install is typical for CLIs but raises risk because npm packages execute arbitrary code at install/runtime. The skill offers no guidance about package provenance (no npm/GitHub link or checksum). Because installation would pull code from the public registry without an install spec in the skill manifest, this is a proportionate but notable risk.
- Credentials (concern): SKILL.md requires XIACHAT_API_KEY (sensitive credential) to operate, which is proportionate to contacting XiaChat's API. However, the registry metadata did not declare any required env vars or a primary credential. That mismatch is important: the agent/installation UI may not inform users that a secret is required or expected format ('xk_...'). Ensure XIACHAT_API_KEY is explicitly declared and limit scope/permissions of the key if possible.
- Persistence & Privilege (ok): The skill is not always-enabled and does not request system config paths or modify other skills. It only suggests installing a CLI tool and using environment variables. Autonomous invocation is allowed by platform default but not itself unusual here.
