Skillv1.0.6

ClawScan security

MocCard-zh · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousApr 29, 2026, 7:58 AM

Verdict: suspicious
Confidence: high
Model: gpt-5-mini
Summary: The skill's instructions generally match its stated purpose (automating moccard.com uploads and downloads) but include steps that could leak session cookies and download files from an arbitrary backup server — a disproportionate and risky action.
Guidance: This skill mostly does what it claims, but it contains a backup-download path that will send the page's document.cookie (session cookies) and user-agent to whatever BACKUP_SERVER_URL you supply. That can expose your login/session to a third party. Before installing or running: 1) Do not set BACKUP_SERVER_URL to an untrusted host — prefer leaving the backup option disabled if unnecessary. 2) If you must use a backup endpoint, ensure it's the official moccard domain or a server you control and review why cookies are needed; remove the Cookie header in the script if possible. 3) Be aware the script deletes Downloads files matching images-*.zip and writes to $HOME/Downloads — run in an isolated account or adjust paths to avoid accidental data loss. 4) Confirm agent-browser, jq, and curl are trusted binaries on your system. If the author can explain why the backup server legitimately needs cookies (authenticated server under moccard control), that would reduce the concern; absent that, treat this as risky.

Review Dimensions

Purpose & Capability: noteThe workflow (open site, fill title/content, select style, trigger split, capture/download zip) matches the stated purpose. However the inclusion of a configurable BACKUP_SERVER_URL as a "兜底下载" path (not declared in requirements) extends the skill to contact an external server outside moccard.com and is not obviously required for the primary task.
Instruction Scope: concernThe SKILL.md executes JavaScript in the target page, extracts document.cookie and navigator.userAgent, and sends those values to BACKUP_SERVER_URL via curl. Transmitting page cookies to an arbitrary external server is sensitive and unnecessary in typical use. The script also deletes files in the user's Downloads directory matching a pattern and sets the browser download path — operations that touch local files and could remove unrelated files if patterns overlap.
Install Mechanism: okThis is an instruction-only skill with no install spec or remote downloads, which reduces injection risk. It does assume presence of agent-browser, jq, and curl on the host but does not install additional packages.
Credentials: concernNo environment variables or secrets are declared, yet the instructions collect and forward session cookies (and user agent) to an externally-specified BACKUP_SERVER_URL. Sending cookies to a third-party endpoint is disproportionate to the stated task and can leak authentication/session tokens. The placeholder BACKUP_SERVER_URL ({{ip}}) could point to any host.
Persistence & Privilege: okThe skill does not request always:true, does not persist itself, and does not modify other skills or system-wide settings beyond using agent-browser for a session; normal privileges for an automation skill.