Skill v1.0.1

ClawScan security

Tianji · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 2, 2026, 3:38 PM
Verdict
Benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's requirements, files, and runtime instructions align with a read-only Tianji analytics integration and request only the expected configuration (base URL, API key, workspace ID).
Guidance
This skill appears coherent for querying a Tianji instance. Before installing: (1) provide a least-privilege, read-only API key (not a management/master key); (2) verify the TIANJI_BASE_URL is a host you trust; (3) confirm you are comfortable granting network access to that host; (4) test with a workspace that contains no sensitive production data until you confirm redaction/handling meets your expectations — SKILL.md instructs the agent to redact certain fields, but that depends on the agent honoring the instructions. If you need absolute assurance, review responses from sensitive endpoints (aiGateway, audit logs, workspace members, billing) while using a low-privilege account.

Review Dimensions

Purpose & Capability
ok · Name/description (Tianji analytics) match the declared config and permissions. skill.yaml and clawhub.json both require TIANJI_BASE_URL, TIANJI_API_KEY, and TIANJI_WORKSPACE_ID and declare the skill as read-only GET endpoints. No unrelated environment variables, binaries, or platform credentials are requested.
Instruction Scope
ok · SKILL.md instructs the agent to choose GET endpoints from the provided api-endpoints.md/openapi-readonly.json, construct GET requests under {TIANJI_BASE_URL}/open with Bearer auth, parse JSON responses, and summarize results. It explicitly forbids displaying sensitive fields (modelApiKey, apiKey, secret, token, password, credential) and calls out PII in some endpoints. The instructions do not ask the agent to read unrelated system files or other credentials.
Install Mechanism
ok · No install spec is provided (instruction-only). The repository includes a small build script and a Node script used to filter a full OpenAPI spec into a GET-only reference; these are documentation-generation utilities and are not an installer or remote download. No external archives or network installs are requested by the skill bundle.
Credentials
ok · The three required config values (base URL, API key, workspace ID) are proportional to a read-only REST API client. The manifest marks the API key as the primary credential/secret. No unrelated secrets or config paths are requested.
Persistence & Privilege
ok · The skill is not forced-always (always:false), is user-invocable, and does not request modifications to other skills or global agent state. It only requires network permission consistent with fetching remote API endpoints.