
ClawScan security

Crossborder Ecom Hub · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Review: Mar 15, 2026, 4:23 AM
Verdict: Review
Confidence: high
Model: gpt-5-mini
Summary
The skill broadly matches its stated ecommerce purpose, but there are multiple inconsistencies and unclear behaviors around declared requirements, packaging, and credential handling that you should resolve before installing or providing secrets.
Guidance
Things to check before installing or giving this skill credentials:
1) Metadata mismatch: the registry entry claims no required env vars, but SKILL.md and clawhub.json ask for TikTok/Amazon/Shopee/Lazada and Feishu credentials. Do not supply secrets until the publisher fixes the metadata and you confirm why the discrepancy exists.
2) Inspect network targets and code: review src/platforms/index.js and src/feishu.js to confirm the exact endpoints the skill calls and that credentials are only used to communicate with the official platform endpoints you expect. If you cannot review the code yourself, ask the publisher for an explicit list of endpoints and a security/privacy whitepaper.
3) Least privilege: create and provide read-only or limited-scope API credentials where possible (for example, a token that can read product/order data but not perform payouts or change seller settings). For Feishu, create a workspace/app you control and use a token limited to the needed Bitable operations.
4) Secrets storage: the CLI writes config to ~/.crossborder-ecom/config.json. Verify file permissions (should be user-only) and consider using environment variables or a secrets manager if available. Delete or rotate keys after testing if you provided them to an environment you later distrust.
5) Verify implementation status: the DEVELOPMENT_SUMMARY and SKILL.md mention many platform APIs are 'to be implemented' or 'mock'. If adapters are still mocked, providing real credentials is premature and riskier; ask the author which integrations are production-ready.
6) Sandbox test: run the package in an isolated environment (throwaway account, limited-scope credentials, or sandbox accounts) first. Monitor outbound network traffic to ensure data goes only to the expected domains.
7) Trust & provenance: the source is marked 'unknown' and homepage is missing/ambiguous. Prefer skills from well-known publishers/repositories. Ask the maintainer for a verifiable GitHub repo and signed release artifacts.
If any of the above raises unresolved questions, treat the skill as untrusted until the author addresses the mismatches and documents where credentials and data are sent.

Review Dimensions

Purpose & Capability
note: The code, README and SKILL.md implement a multi-platform ecommerce CLI with Feishu (Bitable) sync, which is coherent with the skill description. However, the registry metadata presented to the platform claims no required env vars or credentials, while both SKILL.md and clawhub.json (in the package) list multiple platform API keys and Feishu credentials. That mismatch between declared registry requirements and the skill's own docs/code is an incoherence: the skill will legitimately need external API credentials, but the registry entry did not advertise them.
Instruction Scope
concern: Runtime instructions and the CLI create and read a config file at ~/.crossborder-ecom/config.json and support syncing full product/order/inventory data to external services (platform APIs and Feishu). The SKILL.md and code explicitly direct the agent to collect API keys and to synchronize potentially sensitive business data to Feishu Bitable or platform APIs. That behavior is within the skill's claimed scope, but it means the skill will transmit business data to external endpoints; make sure you trust those endpoints and the implementation. Also, the docs and DEVELOPMENT_SUMMARY indicate many platform API implementations are still 'mock' or 'to be implemented', so the skill may request credentials even when the adapters are not fully functional.
Install Mechanism
concern: The skill is labeled 'instruction-only' (no install spec) in the registry metadata, but the bundle contains a full CLI project (bin/, src/, commands/, package.json, etc.). That is an inconsistency: there is code that will be installed/executed but no explicit install mechanism described. This raises questions about how and where the files will be placed and executed by the platform. The package's dependencies are normal (axios, commander, etc.) and there are no obviously suspicious download URLs in the provided files, but the lack of explicit install packaging metadata is a discrepancy to resolve.
Credentials
concern: The skill requires multiple high-sensitivity credentials (TikTok, Amazon access/secret, Shopee partner/api keys, Lazada keys, and Feishu appSecret/bitableToken) to perform its features. That is expected for a multi-platform integrator, but the registry metadata originally reported 'none' for required env vars, a clear mismatch. Additional concerns: the CLI writes credentials to ~/.crossborder-ecom/config.json by default; local file storage of secrets may be acceptable, but you should verify file permissions and prefer least-privilege/read-only credentials where possible. Because Feishu sync will push order/product data to an external workspace, you should confirm whether that workspace is controlled by you or by a third party.
Persistence & Privilege
note: The skill does not request 'always: true' and does not appear to change other skills' configurations. It will create a per-user config directory (~/.crossborder-ecom) and store API credentials there; this is typical but persistent. The platform-default autonomous invocation is enabled; combined with multiple external credentials and the ability to push data to external services, that increases blast radius if the skill behaves unexpectedly. No direct evidence of modifications to other skills or system-wide settings was found.