Skill v1.0.8
ClawScan security
meituan-travel · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Apr 27, 2026, 3:33 AM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill is internally consistent with a Meituan travel CLI wrapper: it requires a Meituan API token and npx, and its runtime instructions match the stated travel purpose, with only minor metadata and labeling inconsistencies to double-check before use.
- Guidance: This looks like an authentic, mostly coherent CLI-wrapper skill for Meituan travel. Before installing or enabling it: 1) Verify that the npm package @meituan-travel/ht-ai comes from the official publisher (publisher/org, package page, and source repository), because npx fetches and executes the package at call time; run a pinned, reviewed version rather than a bare package name. 2) Provide only a minimally scoped MEITUAN_HT_TOKEN (confirm its scope and any billing/quota), and set MEITUAN_RAW_JSON only for calls that need raw JSON output; it is an output-format flag, not a secret, and does not need to be set permanently. 3) Confirm that your platform does not log environment secrets: SKILL.md asks the agent not to print the token, but that instruction cannot enforce it. 4) If you run this in an automated agent, account for rate limits and restrict automatic invocation to travel-related intents. These checks reduce the risk of using the skill.
Review Dimensions
- Purpose & Capability
- note: Name and description match the runtime instructions: SKILL.md tells the agent to call the @meituan-travel/ht-ai CLI (via npx or a global install) to query Meituan travel data. The required binary (npx) and MEITUAN_HT_TOKEN align with the described purpose. Minor inconsistency: the registry summary shows "Primary credential: none" while the skill metadata and SKILL.md declare MEITUAN_HT_TOKEN as the primary credential; this is most likely an authoring/metadata mismatch rather than a functional red flag.
- Instruction Scope
- ok: SKILL.md only instructs the agent to run the ht-ai CLI, escape single quotes in user input for shell safety, read the declared MEITUAN_HT_TOKEN env var, and format results. It does not ask to read unrelated files or other system credentials, and it explicitly warns not to print the token. Note that the guidance cannot by itself enforce non-logging; the platform/runtime must honor it.
- Install Mechanism
- note: No install spec (instruction-only), which keeps the on-disk footprint low. However, runtime use of `npx @meituan-travel/ht-ai` means remote package code is fetched and executed at call time (or the user installs it globally). Verify the npm package identity and publisher (the official Meituan package) before allowing runtime npx downloads, check whether the package declares install-time scripts (npm runs those on fetch), and prefer a pinned version so a later release is not pulled silently.
- Credentials
- note: Requesting MEITUAN_HT_TOKEN is proportionate and expected. The declared required env list also includes MEITUAN_RAW_JSON, but SKILL.md treats it as an optional flag that requests raw JSON output, so it does not need to be mandatory. Recommend the registry declare only MEITUAN_HT_TOKEN as required and treat MEITUAN_RAW_JSON as optional. Ensure the token's scope is minimal (only the APIs needed) before providing it.
- Persistence & Privilege
- ok: always:false (default) and no install spec; the skill does not request permanent inclusion or write access. Metadata indicates runtime context_isolation: execution and parent_context_access: read-only, which limits privilege. No instructions attempt to change other skills or system-wide settings.
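The Instruction Scope and Credentials points above (shell-safe quoting, a minimal token scope, never printing the token) translate into a small invocation wrapper. The Python below is an added example, not code from the skill or from ClawHub. The CLI's argument syntax (the query as one positional argument) and the pinned version are assumptions, and the subprocess runner is injectable so the redaction path can be exercised without npx installed.

```python
"""Invoke the ht-ai CLI without a shell, with a minimal environment, and with the
token scrubbed from anything that is logged.

Added example, not the skill's own code. The CLI's argument syntax (query as a
positional argument) and the pinned version are assumptions.
"""
import os
import shlex
import subprocess
from typing import Callable

TOKEN_ENV = "MEITUAN_HT_TOKEN"
RAW_JSON_ENV = "MEITUAN_RAW_JSON"
PACKAGE_SPEC = "@meituan-travel/ht-ai@1.2.3"   # pin the reviewed version (placeholder version)
REDACTED = "[REDACTED]"


def shell_quote(s: str) -> str:
    """POSIX single-quote escaping (the '\\'' form) for cases where a shell string is
    unavoidable. SKILL.md tells the agent to escape single quotes; shlex.quote is that rule."""
    return shlex.quote(s)


def build_argv(user_query: str) -> list:
    """Build an argv list. With shell=False the query is a single argument, so quotes,
    `;`, `$( )` and backticks in user input are data, not shell syntax."""
    return ["npx", PACKAGE_SPEC, user_query]


def child_env(token: str, raw_json: bool = False) -> dict:
    """Hand the child only what it needs: PATH/HOME for npx, the token, and
    MEITUAN_RAW_JSON only when raw output was requested (it is an output flag, not a secret)."""
    env = {k: os.environ[k] for k in ("PATH", "HOME") if k in os.environ}
    env[TOKEN_ENV] = token
    if raw_json:
        env[RAW_JSON_ENV] = "1"
    return env


def redact(text: str, token: str) -> str:
    """Replace every occurrence of the token so it never reaches a transcript or log."""
    return text.replace(token, REDACTED) if token else text


def run_query(user_query: str, token: str, raw_json: bool = False,
              runner: Callable[..., object] = subprocess.run) -> dict:
    """Run the CLI and return stdout/stderr with the token scrubbed, so downstream
    consumers never see it even if the CLI echoes its environment on an error path."""
    argv = build_argv(user_query)
    proc = runner(argv, env=child_env(token, raw_json), capture_output=True, text=True, check=False)
    return {
        "argv": argv,
        "returncode": proc.returncode,
        "stdout": redact(proc.stdout, token),
        "stderr": redact(proc.stderr, token),
    }


if __name__ == "__main__":
    # Constructed stand-in for npx so the example runs offline; it deliberately leaks
    # the token on stdout to show the redaction working.
    def fake_runner(argv, env, **_):
        leaked = f"debug: token={env[TOKEN_ENV]}\n"
        return subprocess.CompletedProcess(argv, 0, stdout=leaked + '{"hotels": []}\n', stderr="")

    print(run_query("hotel near it's park; rm -rf /", "tok-secret-123", runner=fake_runner))
```

Passing the query as its own argv element makes the single-quote escaping SKILL.md asks for unnecessary; `shell_quote` is kept for the case where the agent framework can only hand the CLI a shell string. Redaction is applied on the way out, not only at print time, because the token is most likely to leak through a stack trace or debug output that the agent never intended to print.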
