Skill v1.0.1

ClawScan security

龙虾教研日报助手 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Apr 30, 2026, 2:42 AM
Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary
The skill mostly does what it says (writes conversational daily reports into Tencent Docs) but contains a few coherence and data-flow issues you should verify before installing.
Guidance
Before installing or using this skill:
1) Confirm which Tencent Docs FILE_ID/sheet IDs it will write to. If you don't want reports directed to a remote document maintained by the skill author or another team, change FILE_ID and the sheet IDs to documents you control.
2) Understand that the skill fetches and runs the 'mcporter' tool via npx at runtime (a dynamic npm install); review the mcporter package/source if you want to verify its behavior.
3) The OAuth token you provide is stored locally in mcporter's config (~/.mcporter) and used to call Tencent Docs; revoke that token from your Tencent account if you stop using the skill.
4) The SKILL.md language about 'not sending data to third-party servers' is misleading: the skill intentionally reads and writes remote Tencent Docs.
If you have low trust in the skill author or the default document IDs, do not authorize or write data until you have verified or changed the target document IDs and inspected mcporter.

Review Dimensions

Purpose & Capability
Status: note
Name/description match the implementation: the scripts parse conversation input and call the Tencent Docs API (via the mcporter tool) to read/write sheets. Requesting Node/npm and Python at runtime is reasonable for this task. One oddity: the package ships a default FILE_ID and sheet IDs (hard-coded document IDs). That is plausible for a team deployment but should be verified, since it means the skill will target a specific remote document by default rather than necessarily writing to a user-owned document.
Instruction Scope
Status: concern
Runtime instructions and scripts only reference local memory (~/.openclaw/workspace/memory) and the Tencent Docs MCP endpoint, which is consistent. However, SKILL.md asserts '不会将数据发送至第三方服务器' ('will not send data to third-party servers') while the whole point of the skill is to send data to Tencent Docs, a third-party service; this is a misleading statement. More importantly, the scripts default to a specific FILE_ID and sheet IDs; if that document is not under the user's control but is shared/owned by the skill author or a third party, user data could be written to a remote document the user does not explicitly control. The scripts require the user to provide a token (or run OAuth) and instruct storing the token in mcporter config; they do not read unrelated system files or request unrelated credentials.
Install Mechanism
Status: note
The skill has no automated install spec but runs npx -y mcporter at runtime. That means the mcporter package is fetched dynamically from npm when the scripts run. This is expected for a tool that proxies calls to Tencent Docs, but it is a moderate-risk behavior because code is downloaded and executed at runtime from an external registry. No downloads from unknown personal URLs or archive extraction were found.
Credentials
Status: concern
No env vars are declared in the registry metadata, which is consistent with the interactive OAuth flow used by the scripts. The tool stores credentials locally via mcporter (in ~/.mcporter) and writes a user config to the workspace memory. That is proportionate to the stated purpose. The concern: the default FILE_ID and sheet IDs are hard-coded to an external document; if that document is accessible and writable, the skill will place your data into that document instead of (or in addition to) a document you control. Also, the runtime relies on fetching the mcporter npm package (indirect access to external code).
Persistence & Privilege
Status: ok
The skill does not request always:true and does not modify other skills or system-wide settings. It persists configuration and token material locally (memory/user-config.md and mcporter's home config), which is expected for a client-side integration. That persistence scope is normal for this kind of skill.