Skill v1.0.0

ClawScan security

Tiktok Shop Publish · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Review: Mar 15, 2026, 5:34 AM
Verdict
Review
Confidence
medium
Model
gpt-5-mini
Summary
The skill appears to implement the advertised TikTok Shop automation features, but there are coherence issues (manifest declares no required credentials while SKILL.md and code require TikTok/Feishu credentials), a few code-quality bugs, and it writes sensitive credentials to disk — review before installing or running.
Guidance
This package mostly does what it says (TikTok Shop automation) but review before running:
- Manifest mismatch: the registry metadata lists no required credentials, yet SKILL.md and the code require TikTok API keys/secrets, shop ID, and Feishu credentials or webhook. Treat that as a transparency issue—confirm the required secrets with the publisher before installing.
- Sensitive data: the tool stores API keys, webhook URLs and session cookies in ~/.clawhub/tiktok-shop/config.json and credentials.json (the code sets 0o600 on credentials.json on non-Windows). Only install/run if you trust the source and are comfortable storing these secrets on the machine.
- Code quality issue: commands/account.js exports a getCurrentAccount function that calls getCurrentAccount() and will recurse—this looks like a bug that can crash runtime calls that depend on it. Consider obtaining a fixed version or running tests in a sandbox before using in production.
- Mock vs real API: the real TikTok API methods are unimplemented and the default is Mock mode. Real mode requires you to populate real credentials and switch modes; verify the real API code before enabling it.
- Verify provenance: source/homepage are listed as unknown/none in the registry snapshot you provided; the package contains a clawhub.json claiming ClawHub and a GitHub URL—confirm the upstream repository and publisher identity (and check commit history) before trusting it and supplying secrets.
- Safe testing: run the CLI in a controlled environment (isolated VM/container) first, inspect the files it creates, and avoid entering production credentials until you confirm its behavior. If you must use it, prefer creating dedicated API keys/accounts with limited permissions and rotate credentials after testing.

Review Dimensions

Purpose & Capability
concern
The skill's name/description (TikTok Shop automation) matches the code: it implements product, order, video, analytics and Feishu integration. However, the registry metadata declares no required environment variables or primary credential, while SKILL.md and the code clearly expect TikTok API keys/secrets, shop ID, Feishu appToken/tableId/webhook and session cookies for accounts. That mismatch between declared registry requirements and actual runtime needs is an incoherence worth flagging.
Instruction Scope
concern
SKILL.md instructs users to provide TikTok API credentials and webhook secrets and shows CLI commands and scheduled workflows — all consistent with the purpose. The runtime code, however, uses a local config directory (~/.clawhub/tiktok-shop) to store configs/credentials and prompts for values via init. Instructions and code diverge on how credentials are provided (env vars in SKILL.md vs an interactive config file in code). The code reads/writes only its own config and credentials files; it does not appear to read unrelated system files or exfiltrate data to unknown endpoints, but it will store session cookies and API secrets locally, which are sensitive.
Install Mechanism
ok
There is no install spec (instruction-only style for the registry), but the package includes JavaScript code (CLI). No downloads from third-party URLs or extract steps are present. Risk is typical for running a third-party CLI: the code will execute on the host when invoked and will write configuration files to the user's home directory.
Credentials
concern
Requested secrets (TikTok API key/secret/shopId, Feishu tokens/webhook, and session cookies entered via add-account) are appropriate for the skill's claimed functionality. The problem is that the registry metadata omits declaring required env vars/primary credential while SKILL.md documents them — this omission reduces transparency. Also, the skill stores session cookies and API secrets in local files (credentials.json), which is expected but sensitive; the code attempts to set restrictive permissions on saved credentials (0o600), which is good practice.
Persistence & Privilege
ok
The 'always' flag is false and the skill does not request system-wide privileges. It creates and maintains its own config directory under the user's home (~/.clawhub/tiktok-shop) and saves config and credentials there (expected for a CLI tool). It does not modify other skills or global agent settings in the code reviewed. Note: the skill can be executed autonomously by an agent (default platform behavior), but that alone is not flagged here.