Skill v0.3.2

ClawScan security

wjx-cli-use · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Apr 28, 2026, 6:05 AM
Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary
The skill is largely what it says (a wjx-cli usage/install guide) but its runtime instructions ask the agent to execute system installs and to collect/run with an API key while the skill metadata does not declare any required credentials — this mismatch and the agent-run/install guidance merit caution.
Guidance
This skill is a coherent, detailed guide for wjx-cli, but it instructs the agent to perform system installs and to obtain and use your WJX API Key (and optionally a WJX_CORP_ID). Consider the following before installing/using:
- Only provide an API Key if you trust the skill and the agent; avoid pasting long-lived root keys into chat. Prefer creating a limited-scope or sub-account API key for automation.
- The skill will try to run npm install -g wjx-cli and write ~/.wjxrc via wjx init; if you don't want the agent to run commands, perform the install and the wjx init step yourself and then give the agent explicit, minimal permission.
- The skill metadata does not declare required env vars, yet the instructions use WJX_API_KEY and WJX_CORP_ID; this mismatch is why extra caution is warranted.
- If you allow the agent to run the setup, watch for prompts that request secrets, and prefer setting credentials via environment variables or a secure vault rather than pasting them into chat.
- If uncertain, run the provided setup.sh manually on a controlled machine and inspect its output before giving the agent any credentials or permission to execute commands.

Review Dimensions

Purpose & Capability
ok: Name/description match the contents: SKILL.md, references, and examples all document wjx-cli usage (create surveys, responses, analytics, contacts). The included scripts (setup.sh, pack_skill.sh) and reference docs are coherent with a CLI usage/install guide.
Instruction Scope
concern: SKILL.md explicitly instructs the AI agent to run system commands (install Node.js, npm install -g wjx-cli, wjx init, wjx doctor, open browser links) and to request the user's API Key and then run wjx init --api-key <key> itself. The instructions also reference environment/config locations (~/.wjxrc) and a second credential (WJX_CORP_ID) for contacts. Those runtime actions go beyond passive guidance and give the agent permission to perform system-level installs and to solicit and use secrets.
Install Mechanism
note: There is no declared install spec (instruction-only), but the repository includes setup.sh, which automates Node.js detection and runs npm install -g wjx-cli (and suggests sudo). Node install guidance uses standard nodesource/nvm/homebrew commands. No downloads from untrusted/personal URLs are present; the install steps are conventional, but run-at-runtime behavior is enabled by the instructions.
Credentials
concern: Skill metadata declares no required env vars or primary credential, yet SKILL.md and the scripts explicitly reference/configure WJX_API_KEY (and recommend wjx init and ~/.wjxrc) and optionally WJX_CORP_ID for contacts. The skill also instructs the agent to ask the user to paste their API key into chat so the agent can run wjx init with it. This is a mismatch and increases the risk of credential exposure if the user pastes secrets into the conversation or lets the agent run commands with those secrets.
Persistence & Privilege
ok: Skill is not flagged always:true and does not request system-wide persistent privileges. The setup writes/uses ~/.wjxrc (normal for a CLI) and installs a global npm package; both are expected for a CLI integration. It does not attempt to modify other skills or agent-wide configuration beyond its own configuration steps.