Skill v1.0.0
ClawScan security
DashScope Web Search · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Mar 3, 2026, 3:21 PM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill appears to implement a legitimate web-search wrapper for DashScope Qwen, but its metadata and instructions are inconsistent about required credentials (DASHSCOPE_API_KEY is used but not declared), which is a notable coherence gap you should resolve before trusting it.
- Guidance: This skill's code and README are consistent with a legitimate DashScope Qwen web-search client, but the skill manifest omitted the required DASHSCOPE_API_KEY declaration. Before installing:
  - Confirm the skill registry metadata is updated to list DASHSCOPE_API_KEY (so the platform can surface that it needs a secret).
  - Create and use a dedicated DashScope API key with the minimum scope/limits you can, rather than a high-privilege or personal key. Store it only in the environment the agent runs in.
  - Review the BASE_URL (https://dashscope.aliyuncs.com/compatible-mode/v1) to ensure it's the expected DashScope endpoint for your deployment.
  - Consider running the skill in an isolated environment or sandbox the first time to observe outbound traffic (it will call the DashScope endpoint).
  - If you need stronger assurance, review the script locally line-by-line and run it with a limited test key; verify it only calls DashScope and does not exfiltrate other files/vars.
  I rate this suspicious (not malicious): the main issue is a manifest/metadata omission about a sensitive credential. Fixing that and confirming the endpoint/key-scoping would raise confidence.
Review Dimensions
- Purpose & Capability
  - note: Name/description, the Python script, and README align: this is a DashScope/Qwen web-search client. The required binary (python3) and dependency (openai Python package) are appropriate. However, the registry metadata declares no required environment variables while the code and README clearly expect DASHSCOPE_API_KEY; this mismatch reduces trust in the manifest.
- Instruction Scope
  - ok: SKILL.md instructs the agent to run the included script and to always use the tool for real-time info. The instructions do not ask the agent to read unrelated files or secrets beyond the API key and do not instruct transmission to unexpected endpoints. A rule in SKILL.md forbids revealing API keys.
- Install Mechanism
  - ok: There is no automated install step (instruction-only with a bundled script). README suggests installing the public 'openai' Python package via pip and setting an env var, a standard, low-risk approach. No downloads from untrusted URLs or archive extraction are present.
- Credentials
  - concern: The code reads DASHSCOPE_API_KEY from the environment and the README instructs the user to set it, but the skill registry metadata does not declare any required environment variables or a primary credential. That incoherence is problematic: the skill needs a secret to function, and the manifest should declare it so users and the platform can make an informed decision. Aside from that single key, no other credentials are requested, which is proportionate to the stated purpose.
- Persistence & Privilege
  - ok: The skill does not request elevated or persistent platform privileges (always:false). It does not modify other skills or system settings and appears to be user-invocable only, appropriate for its function.
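The manifest/code mismatch flagged under Guidance and Credentials above is mechanical to check before installing: parse the bundled script for environment-variable reads and hard-coded URLs, then compare them against what the manifest declares and the endpoint you expect. The following is an added example written for this page; it is not ClawHub's scanner code nor part of the skill. The manifest layout (a `requires.env` list) and the sample script are constructed assumptions, since the real ClawHub schema is not shown on this page; the expected host comes from the BASE_URL quoted in the verdict.

```python
"""Pre-install coherence check for an agent skill: do the environment
variables the bundled script reads match what the manifest declares, and
do its hard-coded URLs point only at the expected endpoint?"""
import ast
import re
from urllib.parse import urlparse

# Constructed sample inputs. The manifest shape ("requires" -> "env" list)
# is an assumption for illustration, not ClawHub's real schema; the script
# is a stripped-down stand-in for a DashScope-style web-search client.
SAMPLE_MANIFEST = {
    "name": "dashscope-web-search",
    "version": "1.0.0",
    "requires": {"bins": ["python3"], "env": []},  # nothing declared
}

SAMPLE_SCRIPT = '''
import os
from openai import OpenAI

BASE_URL = "https://dashscope.aliyuncs.com/compatible-mode/v1"
client = OpenAI(api_key=os.environ["DASHSCOPE_API_KEY"], base_url=BASE_URL)
debug = os.getenv("WEBSEARCH_DEBUG", "0")   # constructed optional read
'''

EXPECTED_HOSTS = {"dashscope.aliyuncs.com"}


def _is_os_environ(node: ast.AST) -> bool:
    """True for the expression `os.environ`."""
    return (isinstance(node, ast.Attribute) and node.attr == "environ"
            and isinstance(node.value, ast.Name) and node.value.id == "os")


def env_reads(source: str) -> set[str]:
    """Names read via os.environ["X"], os.environ.get("X") or os.getenv("X").
    Only string-literal names are recovered; dynamic keys are invisible here,
    which is itself a reason to read such code by hand."""
    names: set[str] = set()
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Subscript) and _is_os_environ(node.value):
            key = node.slice  # Python 3.9+: the index expression itself
            if isinstance(key, ast.Constant) and isinstance(key.value, str):
                names.add(key.value)
        elif isinstance(node, ast.Call) and node.args:
            f = node.func
            is_environ_get = (isinstance(f, ast.Attribute) and f.attr == "get"
                              and _is_os_environ(f.value))
            is_getenv = (isinstance(f, ast.Attribute) and f.attr == "getenv"
                         and isinstance(f.value, ast.Name) and f.value.id == "os")
            if is_environ_get or is_getenv:
                arg = node.args[0]
                if isinstance(arg, ast.Constant) and isinstance(arg.value, str):
                    names.add(arg.value)
    return names


def url_hosts(source: str) -> set[str]:
    """Hostnames of every http(s) URL literal that appears in the source."""
    urls = re.findall(r"https?://[^\s\"']+", source)
    return {h for h in (urlparse(u).hostname for u in urls) if h}


def check_skill(manifest: dict, source: str, expected_hosts: set[str]) -> dict:
    """Report env vars the code needs but the manifest omits (and vice versa),
    plus any URL host outside the allowlist."""
    declared = set(manifest.get("requires", {}).get("env", []))
    read = env_reads(source)
    hosts = url_hosts(source)
    return {
        "undeclared_env": sorted(read - declared),
        "unused_declared_env": sorted(declared - read),
        "unexpected_hosts": sorted(h for h in hosts if h not in expected_hosts),
    }


if __name__ == "__main__":
    # Reproduces the scanner's finding: the key is read but never declared.
    print(check_skill(SAMPLE_MANIFEST, SAMPLE_SCRIPT, EXPECTED_HOSTS))
```

Run against the real skill directory by loading its manifest and reading the script file in place of the constructed samples. An empty `undeclared_env` and `unexpected_hosts` is the state the verdict says would raise confidence; a static check like this does not replace the sandboxed first run the guidance recommends, since it cannot see URLs built at runtime or values pulled from other files.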
