Skill v1.0.1
ClawScan security
Takeout Coupon (hidden and large-value takeout coupons for Meituan, JD.com, Shangou/Ele.me) · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 16, 2026, 9:17 AM
- Verdict: benign
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill is internally consistent with its stated purpose (fetching and presenting takeout coupons from a third-party API), but it relies on an unauthenticated external endpoint and returns arbitrary raw strings/URLs, so exercise normal caution before use.
- Guidance: This skill is coherent for its stated task (calling an external coupon API and showing coupon codes). Before installing or running it, consider: 1) The API endpoint (agskills.moontai.top) is a third-party service outside the major platforms; verify the source (check the GitHub homepage and repository owner) before deciding whether to trust it. 2) The API is unauthenticated and can return arbitrary strings; coupon_code values may include URLs or special characters, so do not auto-click links or automatically fetch/preview QR images in a way that reveals your IP or other environment details. 3) The included Python scripts use the requests library, but the skill provides no dependency/install steps; if you run them, run them in an isolated environment and inspect the code first. 4) If you need stronger guarantees, ask the maintainer to publish the repo, sign releases, or host the API on an audited domain; alternatively, run the fetch script in a sandbox and manually review the returned data before exposing it to end users.
Review Dimensions
- Purpose & Capability (ok): Name/description match the actual behavior: the skill calls a coupon API and returns coupon_code strings and an H5 QR image URL. The required capability (network access) is limited to that API; no unrelated credentials or system paths are requested.
- Instruction Scope (note): SKILL.md explicitly instructs the agent to GET https://agskills.moontai.top/coupon/takeout and to present coupon_code fields verbatim. That matches the purpose, but presenting raw coupon_code values (which may contain URLs or special characters) and an H5 QR image URL means the agent could surface content that leads users to external sites. The instructions do not require reading other files or credentials and do not ask the agent to transmit unrelated data, but they also do not advise sanitization or warn about potentially malicious payloads embedded in coupon strings.
- Install Mechanism (ok): No install spec; the skill is instruction-first and includes small Python helper scripts. Nothing is downloaded from arbitrary URLs during install. The included scripts use the 'requests' library, but no dependency or packaging instructions are provided.
- Credentials (ok): The skill requests no environment variables, no credentials, and no config paths. This is proportionate: an unauthenticated API call requires no secrets. Note: because the API is third-party and unauthenticated, the service operator can observe calls from the agent (IP, headers, timestamps).
- Persistence & Privilege (ok): Skill flags are default (not always-enabled); it does not request persistent elevated privileges or modify other skills' configs. Autonomous invocation is allowed by default (normal for skills) and is not by itself a red flag here.
