Skill v1.0.0
ClawScan security
Yida App · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Review: Mar 14, 2026, 1:09 PM
- Verdict: Review
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's documents describe building Yida apps and require reading/writing local auth and project files and invoking many sub-skill scripts, but the package metadata lists no code/install and no required config paths — the instructions and manifest are inconsistent.
- Guidance: This skill's documentation describes a plausible Yida app workflow, but the package is instruction-only while the runtime steps assume many local helper scripts under .claude/skills/* and access to a cookie file (.cache/cookies.json). Before installing or running it:
  1. Verify the referenced sub-skill scripts actually exist and inspect their source (they will be executed with node).
  2. Be aware the agent will read your .cache/cookies.json (contains login cookies/corpId) and may write .cache/<project>-schema.json and PRD files; ensure you are comfortable with that access.
  3. Confirm you consent to the agent opening a browser tool and producing screenshots for QR login (these images may contain sensitive info).
  4. If the package doesn't include the scripts, do not run commands that download or execute arbitrary archives without reviewing their origin.
  If you're unsure, request the full sub-skill code or a signed upstream release before proceeding.
Review Dimensions
- Purpose & Capability (concern): The skill's stated purpose (end-to-end Yida app development) aligns with the actions described (create app/page/form, write PRD, compile/publish). However, the SKILL.md expects many helper scripts under .claude/skills/* and access to .cache/cookies.json and .cache/<project>-schema.json, while the registry metadata shows no code files, no install steps, and no required config paths. That mismatch means the package as delivered cannot perform what it describes without external files; requiring local scripts/cookies is a notable incoherence.
- Instruction Scope (concern): Runtime instructions explicitly direct the agent to read and compare corpId from PRD docs and .cache/cookies.json, write .cache/<project>-schema.json, run node scripts under .claude/skills/*, open a browser tool and capture screenshots for QR login, and update project PRD files. Reading/writing auth cookies and taking/sending screenshots are sensitive actions. The instructions also forbid telling the user to open the browser manually, which constrains interaction flow. These file and auth-access steps are relevant to the stated purpose but are broader than what the manifest declares and require user review/consent.
- Install Mechanism (note): There is no install spec (instruction-only), which is low-risk in isolation. However, the SKILL.md assumes many local helper scripts and npm steps (e.g., npm install in yida-publish-page) located under .claude/skills/*; those scripts are not present in this package. If those referenced scripts are supplied later from external sources, that would increase risk.
- Credentials (concern): The manifest declares no required env vars or config paths, yet the instructions require access to .cache/cookies.json (login cookies and corpId) and to write .cache/<project>-schema.json and PRD files. Access to cookies/corpId is sensitive and should have been declared. There are no unrelated external credentials requested, but the omission of required config path declarations is an inconsistency and a potential privacy/security concern.
- Persistence & Privilege (ok): The skill does not request always:true, does not modify other skills, and is user-invocable. It does instruct writing project-local .cache and PRD files and invoking local scripts, which is normal for a development helper and does not indicate elevated system-wide privileges.
