ClawHub
Back to skill
v1.4.4

Xyfcli Order Guide

ReviewClawScan verdict for this skill. Analyzed May 1, 2026, 7:51 AM.

Analysis

The skill mostly matches its fertilizer-ordering purpose, but it can access customer/order accounts and may expose the API token in CLI output.

GuidanceInstall only if you trust the source and are authorized to manage these fertilizer orders and customer records. Configure the token carefully, avoid displaying config in JSON mode, rotate any exposed token, and verify every order summary before confirming.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
SeverityMediumConfidenceHighStatusNote
SKILL.md
用户确认 → xyfcli order place → 展示订单地址URL

The skill is designed to invoke an order-placement command after user confirmation. This is central to the stated purpose, but it is still a high-impact business action.

User impactIf the customer, product, quantity, address, or transport details are wrong, the user could create an incorrect order or order draft.
RecommendationReview the full order summary carefully before confirming, and make sure the user has a clear way to cancel or correct drafts/orders.
Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
SeverityMediumConfidenceHighStatusNote
scripts/xyfcli/config.py
CONFIG_DIR = Path.home() / ".xyfcli"
CONFIG_FILE = CONFIG_DIR / "config.json"
...
"authorization_token": ""
...
"Authorization": f"Bearer {token}"

The CLI stores a local authorization token and sends it as a Bearer token for API calls. This is purpose-aligned for an internal ordering tool, but it is sensitive account authority.

User impactWhoever has access to the token may be able to query customer/order data or perform ordering actions as the configured account.
RecommendationUse a least-privilege token, keep the local config file private, and ensure the credential requirement is clearly declared before installation.
Identity and Privilege Abuse
SeverityHighConfidenceHighStatusConcern
scripts/xyfcli/config_cmd.py
if json_output:
        format_output(config, json_output)
else:
        typer.echo(f"  Authorization Token: {config.get('authorization_token', DEFAULT_CONFIG['authorization_token'])[:20]}...")

The non-JSON path masks the token, but the JSON path prints the full loaded config, which includes the authorization token. Agents often prefer JSON output, so this can leak the token into chat or logs.

User impactA support transcript, agent log, or copied JSON output could reveal the API token and allow unauthorized use of the business account.
RecommendationDo not run `xyfcli config show --json` in shared chats or logs; update the CLI to redact tokens in all output and rotate any token that was exposed.
Identity and Privilege Abuse
SeverityMediumConfidenceHighStatusNote
scripts/xyfcli/shop.py
"dealerContact": dealer.get("dealerContact", ""),
"dealerTel": dealer.get("dealerTel", ""),
"dealerAddress": dealer.get("dealerAddress", ""),
"balance": dealer.get("balance", "0")

The customer-list command outputs contact details, addresses, and account balances. This matches the customer-management purpose, but it is sensitive business and personal data.

User impactCustomer phone numbers, addresses, and balances may appear in the conversation or logs.
RecommendationUse this skill only from authorized accounts and avoid sharing outputs that contain customer contact or balance information.