Skill v1.0.0
ClawScan security
Generate News Article · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Feb 24, 2026, 6:08 AM
- Verdict: suspicious
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill mostly does what it says (generate Markdown from SerpAPI results) but contains inconsistent requirements and a hard-coded SerpAPI API key plus absolute user-specific paths; these are disproportionate and risky.
- Guidance: Do not run this skill without reviewing and editing the script. Specific recommendations:
  - The script contains a hard-coded SerpAPI API key. Remove this key and ensure the script uses the SERPAPI_API_KEY from your environment (or prompt you). If you or your organization already exposed this key somewhere, rotate it immediately.
  - Change the absolute paths to relative or configurable paths (avoid /Users/xyz/...). Confirm the referenced serp.py exists in your environment before running; otherwise the script exits.
  - Verify that downloading images from arbitrary external URLs is acceptable for your environment (network and storage). The script will fetch external resources referenced in search results.
  - Because the skill overrides the environment key, it could cause calls to SerpAPI to be billed to the embedded account. Only proceed after you replace the embedded key with your own or remove it entirely.
  - Prefer installing a maintained SerpAPI client or using the official SerpAPI skill interface rather than relying on another skill's script path.

  Given the embedded credential and path issues, treat this as suspicious: fix the problems above or use a different, audited skill implementation.
- Findings:
  - [hardcoded_secret] unexpected: The script contains a hard-coded SerpAPI API key assigned via SERPAPI_API_KEY="9cda299..." which is unexpected for a consumer-facing skill; the SKILL.md instead instructs users to set their own SERPAPI_API_KEY environment variable.
  - [absolute_user_path] unexpected: The script uses absolute, user-specific paths (/Users/lihaijian/.openclaw/workspace-wechat-publisher/...) and directly references another skill's script path. This makes the script brittle and may access files outside the skill directory.
Review Dimensions
- Purpose & Capability
  - concern: The SKILL.md and README state the skill needs a SerpAPI key and the SerpAPI skill, but the registry metadata lists no required env vars or credentials. The code does call SerpAPI (via another skill's serp.py), so requiring SerpAPI is reasonable; however, the mismatch between declared requirements and actual behavior is inconsistent and could mislead users.
- Instruction Scope
  - concern: The runtime script writes to a hard-coded agent root (/Users/lihaijian/.openclaw/workspace-wechat-publisher), expects another skill's script at a fixed absolute path, and downloads images from external URLs. These actions go beyond a simple, portable generator: the absolute paths make the script environment-specific, and it overrides environment-based configuration (see Credentials below).
- Install Mechanism
  - note: There is no network install spec (instruction-only), and the script is delivered with the skill (no remote download or extract). That lowers install risk, but the shipped script will be copied to the user's skills directory and executed locally; review it before running.
- Credentials
  - concern: SKILL.md says SERPAPI_API_KEY is required, but the bash script embeds a long SerpAPI API key inline and sets SERPAPI_API_KEY to that value when invoking the serp.py command. Embedding someone else's API key is unexpected and disproportionate: it overrides the user's key, leaks a credential to anyone who inspects the script, and could lead to billing/abuse of that account.
- Persistence & Privilege
  - ok: The skill does not request always:true and does not modify other skills' configurations. It writes files to an output directory (normal for a generator). The main privilege concern is the script's use of absolute paths into another skill's folder, but it does not alter system-wide settings.
