Skillv1.0.1

ClawScan security

dmp-persona-insight · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

ReviewApr 10, 2026, 3:31 AM

Verdict: Review
Confidence: medium
Model: gpt-5-mini
Summary: The skill's code and docs mostly match its stated DMP persona-insight purpose, but there are inconsistent environment-variable names, mixed API endpoints, and an insecure default (SSL verification disabled) that together warrant caution before installing.
Guidance: This skill largely does what it claims (local persona analysis + DMP API integration), but take these precautions before installing or providing credentials: 1) Confirm which credential form the platform will inject: DMP_AK/DMP_SK (AK/SK pair) or a single DMP_API_KEY. Update the skill configuration or wrappers so the scripts read the same env names the platform provides. Do not paste secrets into code or public files. 2) Fix the insecure default: change insight_api.py to use verify=True (or remove its override) so HTTPS certificate validation is enforced. Avoid running with verify=False except in fully isolated testing with explicit awareness of the risk. 3) Verify the intended API host with the DMP provider (open.mingdata.com vs api.mingdata.com.cn). Do not supply production credentials until you confirm the correct endpoint. 4) Run the code first in an isolated environment (container or throwaway VM) and with least-privilege credentials (test key) to confirm behavior. Rotate keys after testing. 5) If you plan to use secrets, prefer a secrets manager / OpenClaw SecretRef rather than exporting root-level env vars; confirm the skill reads from the same secret name the platform provides. If you want, I can point to the exact lines to change (enable SSL verification, normalize env variable usage) or draft a checklist/patch to make the skill safer.
Findings: [verify_ssl_false] unexpected: scripts/insight_api.py sets self.verify_ssl = False and passes verify=self.verify_ssl to requests. Disabling SSL verification is not required for normal API use and exposes the client to MITM attacks that could leak credentials or data in transit. [env_var_mismatch] unexpected: The skill declares and uses DMP_AK/DMP_SK (SKILL.md and insight_api.py), but references/api-integration.md and other docs repeatedly mention DMP_API_KEY and an OpenClaw auto-injection into DMP_API_KEY. This inconsistency may cause credentials to be injected under a different name than the scripts expect. [multiple_api_endpoints] unexpected: Different files reference different API hosts/endpoints (e.g., https://open.mingdata.com/api/open-api in code/SKILL.md vs https://api.mingdata.com.cn in reference docs). Multiple endpoints increase the chance of misconfiguration or accidentally sending credentials to an unexpected host. [local_scripts_present] expected: Multiple Python scripts for data loading, feature extraction, PPT generation, and API integration are present — this is expected for a skill that performs local analysis and report generation.

Review Dimensions

Purpose & Capability: noteThe name/description describe DMP-based persona analysis and the included Python scripts implement local file analysis, feature extraction, report and PPT generation, and API calls to a DMP service — this is coherent with the stated purpose. The required credentials (DMP_AK, DMP_SK) are reasonable for calling a DMP API.
Instruction Scope: concernRuntime instructions and scripts read local Excel/CSV files and call the DMP API — appropriate for this skill. However, the SKILL.md and references contain conflicting guidance about which environment variable is injected/used (DMP_AK/DMP_SK vs DMP_API_KEY) and reference multiple API hosts; that mismatch could cause credentials to be set/read in unexpected env names or sent to different endpoints. Additionally, the API client defaults to verify_ssl = False, which weakens transport security and increases risk of credential interception.
Install Mechanism: okNo install spec — instruction-only plus shipped Python scripts. Nothing in the manifest downloads or executes remote installers. Presence of local scripts is expected for an analysis/PPT-generation skill.
Credentials: concernThe skill declares DMP_AK and DMP_SK (two credentials) which are proportionate to calling a DMP API. But references and examples also mention DMP_API_KEY and OpenClaw auto-injection into skills.entries.dmp-persona-insight.apiKey → DMP_API_KEY, creating ambiguity about which secret the platform will supply. That mismatch could lead to accidentally exposing a single API key in places where the scripts expect AK/SK, or failing to find credentials and prompting insecure fallback behavior.
Persistence & Privilege: okalways is false and the skill does not request system-wide changes or privilege escalation. It reads local files and calls external APIs, which is normal for this functionality.