Skillv1.0.2

ClawScan security

TravelSmart · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

ReviewApr 8, 2026, 3:23 AM

Verdict: Review
Confidence: medium
Model: gpt-5-mini
Summary: The skill's code and docs mostly match the described TravelSmart purpose, but there are configuration metadata omissions and a few risky implementation choices (hardcoded Feishu chat id default, unauthenticated /notify endpoint bound to 0.0.0.0, registry not declaring required AMAP_KEY) that warrant caution before installation.
Guidance: Things to check before installing/running: - The code requires an AMAP_KEY (Amap Web API). The registry metadata omitted this — set AMAP_KEY yourself and verify you understand its use. - Feishu integration is optional but if you set FEISHU_APP_ID/FEISHU_APP_SECRET the server will attempt to post messages. The code has a default FEISHU_CHAT_ID value; override it or remove the default to avoid sending messages to an unexpected chat. - server.py binds to 0.0.0.0 and exposes /notify with no authentication. If you run the server, bind to localhost (127.0.0.1) or firewall the port, or implement auth for /notify before exposing it to other hosts. - RouterAgent can call an external LLM (minimaxi) if MINIMAX_API_KEY is provided; this will transmit user-provided text to that service. Only provide LLM keys if you accept that. - Review config/api_keys.yaml/.env example to ensure secrets are stored safely and not committed to public repos. - Overall: code looks consistent with its purpose, but address the undocumented/default Feishu chat id, the manifest omission for AMAP_KEY, and the unauthenticated public endpoint before deploying in a shared or public environment.

Review Dimensions

Purpose & Capability: noteThe code implements the stated features (Amap-based highway/hotel/taxi recommendation and optional LLM/Feishu integration). However the registry metadata omitted declaring the required AMAP_KEY even though SKILL.md and code require it; that's an inconsistency in the package manifest that could mislead users. Optional MINIMAX (LLM) and Feishu credentials are consistent with optional features.
Instruction Scope: noteSKILL.md stays within purpose (calls Amap, optionally an LLM, optionally pushes to Feishu). The runtime instructions request only AMAP_KEY (and optional MINIMAX/FEISHU creds). Implementation details reveal additional behavior to be aware of: server.py exposes a /notify endpoint and defaults FEISHU_CHAT_ID to a specific id (hardcoded value) if not provided — meaning notifications could be sent to that chat if FEISHU creds are present. RouterAgent will call an external LLM endpoint (minimaxi) when used; the SKILL.md documents this as optional.
Install Mechanism: okNo install spec; it's code + requirements.txt (requests, pyyaml, loguru). No remote downloads or opaque installers. Typical Python dependency footprint; low install mechanism risk.
Credentials: concernRequested/used env vars in code (AMAP_KEY required; optional MINIMAX_API_KEY, FEISHU_APP_ID, FEISHU_APP_SECRET, LLM_BASE_URL) are proportionate to the declared features. However the package registry did not declare AMAP_KEY as required (manifest omission). Additionally server.py uses FEISHU_CHAT_ID with a default hardcoded value ('oc_b596d3738065b40181b73144a8943999') — this default is not documented in SKILL.md and could result in messages being sent to an unexpected external chat if Feishu credentials are configured. The code also reads config/api_keys.yaml as an alternate source for keys; that's reasonable but should be documented.
Persistence & Privilege: concernThe skill does not request 'always: true' and is not inherently persistent, which is good. However server.py binds Flask to 0.0.0.0 (all interfaces) and exposes an unauthenticated /notify endpoint that will use FEISHU credentials (if set) to post messages to the configured chat id. If the server is run on a host reachable by others, this creates an attack surface (remote callers could trigger outbound messages). Recommend restricting binding to localhost or adding auth and removing/overriding the hardcoded FEISHU_CHAT_ID default.