Skill v1.0.3

ClawScan security

获取外卖优惠券(隐藏券、大额券) (Get food-delivery coupons: hidden and large-value coupons) · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Mar 16, 2026, 9:31 AM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill's behavior mostly matches its description (it fetches coupons), but the review found several inconsistencies and one notable risk: every request goes to an unknown third-party gateway rather than to the platforms' own APIs, and the install/requirements metadata in SKILL.md matches neither the registry manifest nor the code. Proceed with caution.
Guidance
This skill makes outbound requests to https://agskills.moontai.top to fetch coupons rather than calling official platform APIs. Before installing or running it: 1) treat the gateway as an untrusted endpoint and never send it credentials, session cookies, or other sensitive data; 2) run the script in a network-restricted sandbox or isolated environment, allow-listing only the gateway host if it must run at all; 3) verify that the `uv` you install is the Astral Python package manager (available via brew or pip) and install the Python dependencies into a project or virtual environment rather than globally; 4) ask the author who operates the gateway, for a public repository or homepage, and, if you need higher assurance, for a version that calls the official platform APIs directly. The code also contains small bugs (e.g., the aiohttp ClientSession usage and a `source` parameter that is accepted but ignored), which suggests it is unmaintained or unreviewed.

Review Dimensions

Purpose & Capability
concern: The skill claims to obtain coupons for multiple Chinese platforms, and the code does call a coupon endpoint, so the purpose aligns at a high level. However, the registry metadata lists no required binaries while the SKILL.md metadata asks for a `uv` binary and pip installs; that mismatch is incoherent. The script always calls a single third-party gateway (https://agskills.moontai.top) rather than platform APIs, which the description does not explain and which concentrates all network traffic on an unknown host.
Instruction Scope
concern: SKILL.md instructs running the bundled script via `uv run`. The script does not read or write local files (as claimed) and does not request local credentials, but it performs outbound HTTP GETs to the remote gateway for coupon data. Executing the skill therefore contacts an external service controlled by whoever runs that domain; the instructions neither warn about this nor provide a trusted upstream. The script also ignores the `source` parameter and always calls the same endpoint, which points to sloppy or unreviewed logic.
Install Mechanism
note: There is no platform-level install spec, but SKILL.md includes an install block recommending `uv` (via brew or pip) and several pip packages (aiohttp, argparse, PyYAML). Using pip for aiohttp and PyYAML is normal; `argparse` is part of the Python standard library, so installing it via pip is unnecessary and a sign the list was not checked. `uv` is the Astral Python package and project manager, so it is not an unknown binary, but it is a requirement the registry manifest never declares, and `uv run` will resolve and install dependencies at run time. Overall the install instructions are moderate risk and include unnecessary or odd entries.
Credentials
ok: The skill does not request environment variables, secrets, or config paths, and the code likewise reads no env vars or files. This is proportionate to the stated purpose. The only mismatch is metadata indicating a binary requirement (`uv`) that the registry manifest does not declare.
Persistence & Privilege
ok: The skill does not request persistent presence (always: false), does not modify other skills' configs, and has no install operations that write system-wide settings. No elevated privileges are requested.