Skill v1.0.0

ClawScan security

XiaChat MCP — AI Personality Matching · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Mar 8, 2026, 8:16 AM
Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary
The skill's instructions match its stated purpose (XiaChat integration), but the package requires an API key and runtime npm execution that are not declared in the registry metadata and introduce modest supply-chain and credential risks.
Guidance
Before installing or running this skill:
1) Recognize the SKILL.md requires XIACHAT_API_KEY (xk_...) even though the registry metadata doesn't declare it — do not provide unrelated credentials.
2) The MCP command uses npx @xiachat/mcp-server (runtime npm fetch). Treat this as a supply-chain risk: prefer a pinned package version (e.g., @xiachat/mcp-server@1.2.3) and verify the package source and maintainer on npm/GitHub before executing.
3) Inspect (or ask for) the @xiachat/mcp-server package source or a checksum; run it in a sandboxed environment if possible.
4) Consider privacy: the skill will process chat exports and profile data — confirm XiaChat's privacy policy and limit what transcripts you upload.
5) Ask the publisher to update registry metadata to declare XIACHAT_API_KEY as a required credential and to provide an explicit, pinned install spec (or a vetted release URL) so you can review the code before running it. If the publisher cannot provide these, treat the skill as higher risk and avoid running it with real account keys.

Review Dimensions

Purpose & Capability
Status: ok
The name/description and the SKILL.md contents consistently describe XiaChat integration (SOUL.json, matching, pre-chat, Soul Square). The capabilities requested in the instructions (creating/importing/exporting SOUL, match/find, prechat flows) align with the described purpose.
Instruction Scope
Status: note
SKILL.md explicitly instructs use of a XiaChat API key and commands to run an npm-hosted MCP server (npx @xiachat/mcp-server). It also references reading/converting SOUL.md and chat export text (expected for this feature). There is no instruction to read unrelated system files, but the runtime will process chat transcripts and personal profile data (sensitive by nature), which is appropriate for the feature but worth caution.
Install Mechanism
Status: concern
There is no install spec in the registry metadata, yet the SKILL.md tells users to invoke npx -y @xiachat/mcp-server as an MCP command. npx will fetch and run code from the npm registry at runtime; this is a moderate supply-chain risk and should be declared/pinned. The skill does not provide a pinned package version, checksum, or alternate vetted install source.
Credentials
Status: concern
The skill requires a XiaChat API key (XIACHAT_API_KEY, format xk_...), but the registry metadata lists no required environment variables or primary credential. The requested credential is proportionate to the skill's function, but the omission in metadata is an incoherence and prevents proper pre-install review.
Persistence & Privilege
Status: ok
always:false and no install files are present. The skill instructs running an npm-hosted server via npx but does not request persistent elevated platform privileges or modifications to other skill settings. Autonomous invocation remains default but is not compounded by additional privileges.