Skillv1.1.4

ClawScan security

Coze 工作流执行 / Coze Workflow · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousMar 15, 2026, 1:26 PM

Verdict: suspicious
Confidence: high
Model: gpt-5-mini
Summary: The skill's functionality (calling Coze workflow endpoints) matches its description, but its metadata omits required credentials/config declarations and contains small inconsistencies (env var vs config path vs base_url) that make the package internally incoherent and worth extra scrutiny before use.
Guidance: This skill appears to do what it says (invoke Coze workflows), but its metadata and instructions disagree about where and how the API key and base_url are provided. Before installing: (1) confirm how the agent will supply the Coze API key — prefer platform secret storage or declared environment variables rather than plaintext ~/.openclaw config files; (2) ask the publisher to update registry metadata to declare required env vars/config paths (COZE_API_KEY / COZE_BASE_URL or config path) so permissions are explicit; (3) verify network destination is the official https://api.coze.cn domain and not an unexpected endpoint; (4) avoid placing long-lived credentials in unencrypted skill config; (5) if you do not trust the publisher, do not provide secrets — test with a throwaway key first. The inconsistencies are not proof of malicious intent, but they reduce transparency and increase risk.

Review Dimensions

Purpose & Capability: concernThe declared purpose (invoke Coze workflows) matches the instructions (curl POST to Coze endpoints). However the registry metadata lists no required credentials or config paths, while SKILL.md and the included config.json clearly expect an API key and a base_url — a mismatch between declared requirements and actual needs.
Instruction Scope: concernSKILL.md instructs the agent to read a config at ~/.openclaw/skills/coze_workflow/config.json and/or use environment vars (COZE_API_KEY, COZE_BASE_URL) and to perform network calls to api.coze.cn (SSE or polling). These actions are within the stated purpose, but SKILL.md references local config and env vars that were not declared in the skill metadata, and the bundled config.json sets base_url to a full stream_run URL (inconsistent with examples).
Install Mechanism: okNo install spec and no code files — instruction-only. This is low-risk from an installation perspective (nothing is downloaded or executed beyond the agent following curl instructions).
Credentials: concernThe skill logically needs one secret (Coze API key) and a base URL, but the registry lists no required env vars or primary credential. The included config.json contains an api_key field (placeholder) and a base_url pointing directly at a stream endpoint; requiring secrets but not declaring them in metadata is disproportionate/incoherent. Also storing API keys in plaintext config is risky.
Persistence & Privilege: notealways:false and no install means the skill won't force permanent inclusion. It does expect a config file under ~/.openclaw/skills/coze_workflow/, which is a normal place for skill config but was not declared in the metadata; there is no indication it modifies other skills or system-wide configs.