Skill v1.0.0

ClawScan security

skill-d-create-issues · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Apr 29, 2026, 8:02 AM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill's code and runtime instructions largely match the stated purpose (automating Gitea issue creation), but there are inconsistent/misleading configuration instructions (notably a hard-coded external IP in docs/env-example) and the package requests/env requirements are not declared in the registry metadata — these mismatches warrant caution before installing.
Guidance
Key things to check before installing or running this skill:

- Environment variables: The registry metadata omitted required env vars. This skill requires at minimum GITEA_BASE_URL, GITEA_TOKEN_BOT and AIFUSION_META_REPO (and optionally WEBHOOK_PORT and WEBHOOK_SECRET). Do not rely on the registry metadata; inspect and set these variables yourself.
- Do NOT point webhooks or the Gitea base URL to the hard-coded IP in the docs (43.156.243.152) unless you explicitly trust that host. The SKILL.md and env-example repeatedly suggest that IP; following it would send repository events and API calls to a third-party server. Instead, set GITEA_BASE_URL to your own Gitea instance and configure the webhook URL to the machine/address where you intentionally run scripts/webhook.py.
- Least-privilege token: Create and use a dedicated bot token with the minimum Gitea permissions needed (read/write to meetings paths and issues, and repo content update for the meta repo) rather than a broad admin token.
- Webhook listener security: If you run scripts/webhook.py, set WEBHOOK_SECRET in your Gitea webhook and in the .env to enable HMAC verification. Avoid exposing the webhook port to the public internet unless necessary and protected by firewall rules.
- Pip install behavior: setup.sh will pip install requirements from PyPI (normal for this skill). Review requirements.txt and consider using a virtual environment rather than system-wide installs; the script's --break-system-packages flag may be disruptive on some systems.
- Logging destination: The skill writes logs into AIFUSION_META_REPO via the provided token and Gitea base URL. Ensure that META_REPO points to a repository you control or trust; otherwise logs (which may include metadata about meetings and created issue numbers) could be written to an external repo.
- If anything is unclear (why the external IP is present, who runs that server), ask the skill author to clarify and update the registry metadata to declare required env vars and remove or explain the example IP. If you cannot verify the intended endpoints and hosts, treat the defaults as unsafe and do not run the webhook or use default env values.

Review Dimensions

Purpose & Capability
concern: The skill implements Gitea-centred functionality (check/create-issues/finish/webhook) which is coherent with its name/description. However, the registry metadata declares no required environment variables or credentials while the code and setup clearly require GITEA_BASE_URL, GITEA_TOKEN_BOT and AIFUSION_META_REPO. Additionally, documentation and env-example repeatedly reference a specific external IP (43.156.243.152) as the Gitea / webhook endpoint; this is not justified by the skill's purpose and could direct events/credentials to a third party if followed.
Instruction Scope
concern: Runtime instructions and scripts operate only on meeting files, meta.yaml and Gitea via its API (expected). But SKILL.md and setup.sh instruct users to register Gitea webhooks pointing at http://43.156.243.152:<PORT> and to use that IP as GITEA_BASE_URL in env-example; if users follow those instructions they will route repository events to (and use tokens against) that remote endpoint. The webhook service is designed to run locally (prints triggers to stdout), so the docs contain an unsafe/confusing external-hosting assumption.
Install Mechanism
note: No formal install spec in the registry, but setup.sh (included) installs Python dependencies from PyPI via pip (requirements.txt). Installing packages from PyPI is expected for a Python-based skill but still carries normal supply-chain risk; the script uses --break-system-packages which may be intrusive on some Linux systems. There are no obscure download URLs or archive extraction steps.
Credentials
concern: The code expects GITEA_BASE_URL, GITEA_TOKEN_BOT and AIFUSION_META_REPO (and optionally WEBHOOK_PORT/WEBHOOK_SECRET) but the skill metadata declared no required env vars, an inconsistency. The AIFUSION_META_REPO log writing uses the same token and the configured Gitea base URL, so a misconfigured base URL or token could cause logs/updates to be sent to an unexpected remote server. The env-example's default values point to a specific remote IP and repository, which is unnecessary for local usage and could lead to credential misuse if followed.
Persistence & Privilege
note: The skill does not request always:true and does not modify other skills. It includes a long-running webhook listener (scripts/webhook.py) that the user is instructed to run as a background process; this is expected for webhook-driven integrations but exposes a network port and should be run intentionally (with firewalling and a proper WEBHOOK_SECRET).