Skill v1.0.1
ClawScan security
Movie Coupon 电影票优惠券-淘票票、猫眼等电影平台优惠购票 (movie ticket coupons: discounted ticket purchases on Taopiaopiao, Maoyan and other movie platforms) · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Review · Mar 16, 2026, 11:11 AM
- Verdict: Review
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's behavior mostly matches its description (fetching coupon links), but it relies on an untrusted third-party API and insists on presenting raw external links and QR codes (from domains that do not match the claimed platforms), which is inconsistent with the description and potentially risky.
- Guidance: This skill fetches coupon links from a third-party API and instructs the agent to present the returned links and QR images exactly as-is. Before installing, consider: (1) Verify the trustworthiness of the API host (agskills.moontai.top) and of the link and image domains it returns; they are not official Taopiaopiao or Maoyan domains. (2) Because the skill forbids modification of URLs, decide whether you want the agent to display raw external links and QR codes (these could point to phishing or tracking pages). (3) If you install, limit autonomous use (or review outputs) and add a URL-safety check (virus or URL-reputation lookup) or an allowlist of trusted domains. (4) Inspect the GitHub source (homepage) and test the endpoint manually to confirm it returns legitimate coupons. If you cannot verify the API's provenance, prefer not to expose users to raw external links or QR codes.
Review Dimensions
- Purpose & Capability (concern): The skill claims to fetch coupons for mainstream platforms (Taopiaopiao, Maoyan), but the only network endpoint it calls is a third-party aggregator (https://agskills.moontai.top). Returned URLs point to other domains (e.g., open.cdyunzhanxinxi.com, moontai-static.oss-cn-shenzhen.aliyuncs.com) rather than official platform domains. Using an aggregator is plausible, but the manifest and docs do not explain why official platform APIs are not used or why these domains should be trusted.
- Instruction Scope (concern): SKILL.md instructs the agent to fetch JSON from the external endpoint and to present coupon_url and coupon_qrcode_img_url 'exactly as returned' without modification. That prevents sanitization or safety checks and could cause the agent to present phishing or malicious links or images to users. Otherwise the instructions stay within the stated task and do not request unrelated data or files.
- Install Mechanism (ok): No install spec (instruction-only) and no packages are pulled during install. The repository includes small Python scripts that perform simple GET requests to the declared API endpoint; nothing in the install path writes or executes arbitrary downloaded code on install.
- Credentials (ok): The skill requests no environment variables, credentials, or config paths. Network access to the external API is required and explicit in SKILL.md and the scripts; no additional secrets are requested.
- Persistence & Privilege (ok): The always flag is false, and the skill does not request elevated or persistent privileges beyond normal autonomous invocation. Autonomous invocation is allowed (the default); combining this with untrusted external links increases risk, but on its own it is standard.
