Skill v1.0.0
ClawScan security
hit-content-writer · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Apr 23, 2026, 6:15 AM
- Verdict
- suspicious
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- Skill appears to implement content-extraction, analysis, storage and rewriting as described, but there are inconsistencies and missing declarations (notably an external embedding API and API key referenced in README/SKILL docs that are not declared in the registry metadata), and it relies on other tools/skills that you should audit first.
- Guidance
- This skill is largely coherent with its stated purpose (extract/analyze/store/rewrite content) but has a few red flags you should address before installing:
  1. The README/SKILL.md instruct you to set EMBEDDING_BASE_URL and EMBEDDING_API_KEY (pointing at api.siliconflow.cn) but the registry lists no required env vars. Ask the author to declare those env vars explicitly and explain why that endpoint is used.
  2. Inspect or vet the jl-vector-store and jl-video-downloader tools/skills (where do they send data? are they trusted?) because extracted content and embeddings may be transmitted externally.
  3. Be careful about storing copyrighted material or personal data in the vector DB; confirm retention and deletion policies.
  4. If you must provide an embedding API key, only use credentials you trust and consider creating a dedicated, limited-permission key.
  5. Ask the author for a clear privacy/data-flow statement (where content, embeddings, and metadata are sent and stored).
  If these questions are answered satisfactorily and you trust the external embedding provider and dependent tools, the skill behavior is reasonable for its purpose.
Review Dimensions
- Purpose & Capability
- note: The skill's name/description (extract, analyze, store, query, rewrite short-video/article content) matches the instructions and included docs. Declared dependencies (jl-video-downloader, jl-vector-store, optional jl-content-rewriter) are coherent for the stated purpose. However, README/SKILL.md ask users to set EMBEDDING_BASE_URL, EMBEDDING_API_KEY, and EMBEDDING_MODEL for embeddings (pointing to https://api.siliconflow.cn and BAAI/bge-large-zh-v1.5) even though the registry metadata lists no required environment variables; this mismatch is unexpected.
- Instruction Scope
- note: SKILL.md explicitly instructs the agent to (a) call jl-video-downloader to extract text from short-video links, (b) use jl-vector-store (ChromaDB) to store/query vectorized content, and (c) read local file paths when the user provides them (e.g., /path/to/content.txt). These are within the skill's stated purpose. The docs also recommend sending data to an external embeddings API (api.siliconflow.cn) for vectorization; that is an external endpoint outside the skill's claimed domain and should be considered when deciding whether to provide credentials or store sensitive content.
- Install Mechanism
- ok: This is an instruction-only skill with no install spec or code files; that is low-risk in isolation. The docs advise running 'uv tool install jl-vector-store' (a platform tool install), which is reasonable. There is no arbitrary URL download or archive extraction in the skill distribution itself.
- Credentials
- concern: Registry metadata declares no required env vars, but the README instructs users to export EMBEDDING_BASE_URL, EMBEDDING_API_KEY and EMBEDDING_MODEL and to use an external embedding endpoint (https://api.siliconflow.cn). Requesting an API key for an external service is reasonable for embeddings, but the absence of these env vars from the declared requirements is an inconsistency and increases the chance users will unexpectedly provide credentials. The skill also handles storing user-provided content (which could include copyrighted or private data); that capability is expected but raises data-sensitivity considerations.
- Persistence & Privilege
- ok: The skill sets always:false and requests no install-time persistent privileges. It does describe storing vectors into ChromaDB (user-managed storage), which is expected behavior for a storage/query feature. The skill does not request to modify other skills or system-wide configs.
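The mismatch raised under Guidance (point 1) and again under Credentials, environment variables the README tells users to export that the registry never declares, is the kind of check worth automating before installing any skill. The script below is an added example written for this page, not ClawScan or ClawHub code. The README snippet and the registry metadata are constructed stand-ins, the `requires.env` field is an assumed metadata shape, and the "benign" shell variables and credential-name suffixes are assumptions you can tune; it goes slightly beyond the page by also flagging `$VAR`-style references and extracting the external hosts the docs point at.

```python
"""Cross-check env vars and external hosts referenced in a skill's docs
against what the registry metadata declares. Added example; not the
scanner's or the skill's own code."""
import re
from urllib.parse import urlparse

# Constructed README text standing in for the skill's real README/SKILL.md.
SAMPLE_README = """\
## Setup
uv tool install jl-vector-store
export EMBEDDING_BASE_URL=https://api.siliconflow.cn/v1
export EMBEDDING_API_KEY=sk-your-key
export EMBEDDING_MODEL=BAAI/bge-large-zh-v1.5
The store reads $CHROMA_PATH if set and ${HOME}/.chroma otherwise.
"""

# Constructed registry metadata; the 'requires.env' layout is an assumption,
# chosen to model "registry lists no required env vars".
SAMPLE_METADATA = {
    "name": "hit-content-writer",
    "version": "1.0.0",
    "requires": {"env": []},
    "always": False,
}

ENV_PATTERNS = [
    # 'export FOO=...' or bare 'FOO=...' at the start of a line
    re.compile(r"^\s*(?:export\s+)?([A-Z][A-Z0-9_]{2,})=", re.M),
    # '$FOO' or '${FOO}' references inside prose or commands
    re.compile(r"\$\{?([A-Z][A-Z0-9_]{2,})\}?"),
]
URL_PATTERN = re.compile(r"https?://[^\s)\"'<>]+")
# Shell variables expected to exist on any host; not skill-supplied secrets.
BENIGN_VARS = {"HOME", "PATH", "USER", "SHELL", "TMPDIR"}
CREDENTIAL_SUFFIX = re.compile(r"(KEY|TOKEN|SECRET|PASSWORD)$")


def referenced_env_vars(doc: str) -> set[str]:
    """Every environment variable the docs tell the user to set or read."""
    found: set[str] = set()
    for pattern in ENV_PATTERNS:
        found.update(pattern.findall(doc))
    return found - BENIGN_VARS


def external_hosts(doc: str) -> set[str]:
    """Hostnames of every http(s) URL mentioned in the docs."""
    hosts = set()
    for url in URL_PATTERN.findall(doc):
        host = urlparse(url).hostname
        if host:
            hosts.add(host)
    return hosts


def undeclared_env_vars(doc: str, metadata: dict) -> set[str]:
    """Variables the docs reference that the registry does not declare."""
    declared = set(metadata.get("requires", {}).get("env", []))
    return referenced_env_vars(doc) - declared


def credential_like(names: set[str]) -> set[str]:
    """Subset of names that look like secrets, so they get extra scrutiny."""
    return {n for n in names if CREDENTIAL_SUFFIX.search(n)}


if __name__ == "__main__":
    missing = undeclared_env_vars(SAMPLE_README, SAMPLE_METADATA)
    print("undeclared env vars:", sorted(missing))
    print("credential-like:", sorted(credential_like(missing)))
    print("external hosts in docs:", sorted(external_hosts(SAMPLE_README)))
```

Any non-empty result from `credential_like` paired with a host you do not recognise is exactly the situation the verdict describes: the docs are about to walk a user into handing an API key to an endpoint that the registry never told them about. Run it against the real README and metadata and ask the author to declare whatever it reports.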
