Skillv1.0.0

ClawScan security

Autoglm Deepresearch · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

BenignMar 14, 2026, 8:06 AM

Verdict: Benign
Confidence: medium
Model: gpt-5-mini
Summary: The skill's code and runtime instructions match its stated purpose (limited web search + page fetch for a structured research report), but it relies on a local token service and contains a hard-coded app key — review those before use.
Guidance: This skill appears to do what it claims (limited web-search + page fetch to build a report). Before installing or running it: 1) Verify you trust the local token provider at http://127.0.0.1:53699/get_token — whatever runs there can supply arbitrary Authorization tokens and could be used to redirect or leak data. 2) Be aware the skill embeds an APP_KEY in its code; that key authenticates requests to autoglm-api.zhipuai.cn and could be sensitive. 3) Review network traffic if possible (or run scripts in a sandbox) to confirm no unexpected endpoints are contacted and that the data you send to the external API is acceptable. 4) If you don't have or don't want a local token service, do not run these scripts as-is. If you need higher assurance, request the skill author explain the local token service design or provide a version that uses explicit, documented credentials under your control.

Review Dimensions

Purpose & Capability: okThe name/description (deep research via limited web searches and deep-reading a few pages) aligns with the included scripts (web-search.py and open-link.py) and the two external endpoints used (web-search and open-link). There are no unrelated binaries, env vars, or installs requested.
Instruction Scope: okSKILL.md constrains behavior (1–2 searches, 1–3 page opens, show intermediate results) and points the agent to the two API endpoints declared. The runtime instructions do not instruct reading arbitrary local files or contacting unexpected remote hosts beyond the documented API and the local token service.
Install Mechanism: okNo install spec; code is provided as simple Python scripts using only the standard library. No downloads or archive extraction are present.
Credentials: noteThe skill requires no user environment variables or credentials, which is proportionate. However, it: (1) relies on a local service (http://127.0.0.1:53699/get_token) to obtain a bearer token at runtime, and (2) contains a hard-coded APP_KEY and APP_ID used to sign requests. Both items are noteworthy: the local token endpoint must be trusted (it could supply any token), and the embedded APP_KEY is a sensitive secret baked into the skill rather than provided by the user.
Persistence & Privilege: okalways is false and there is no installation behavior that modifies other skills or system-wide settings. The skill can be invoked autonomously (the platform default) but does not request elevated persistence or cross-skill config changes.