Skillv1.0.0

ClawScan security

ucloud-infra · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

ReviewMar 14, 2026, 4:27 PM

Verdict: Review
Confidence: medium
Model: gpt-5-mini
Summary: The skill appears to implement a UCloud CLI wrapper and mostly matches its stated purpose, but there are clear incoherences and privacy risks (undeclared required env var, credential handling, and logging of sensitive params) that deserve review before installing.
Guidance: This skill mostly does what it says (wraps the UCloud CLI) but has a few red flags you should consider before installing: - UCLOUD_PROJECT_ID is required by the script but not declared as required in the skill metadata or emphasized in the SKILL.md; set this env var or the skill will exit. Ask the publisher to update metadata/documentation. - The script logs create/delete operations to a logs directory and records parameters verbatim. That can include VM/DB passwords and other sensitive details. If you install, review and relocate/secure the logs (or disable logging) and avoid passing secrets via CLI flags. - The script builds the ucloud command with --public-key/--private-key as arguments, which can expose credentials to other local users via process listings. Prefer configuration via protected env vars or other safer auth mechanisms if available. - The skill executes the 'ucloud' CLI via child_process.exec. Ensure the official ucloud CLI is installed from a trusted source and run the skill in a restricted environment if you have sensitive accounts. - Review the included ucloud.mjs file yourself (or have an admin do so) to confirm logging behavior and ensure it uses only the commands you expect. Consider using short-lived API keys and least privilege for the credentials you supply; rotate keys after testing. Given these issues, do not install blindly in a production environment. Ask the publisher to (1) declare UCLOUD_PROJECT_ID as required, (2) avoid logging secrets or sanitize logs, and (3) avoid passing secret keys on the command line. If you cannot get these changes, run the skill in an isolated sandbox and only with test/limited-permission credentials.

Review Dimensions

Purpose & Capability: noteThe skill's name/description (UCloud cloud management) matches the code: ucloud.mjs calls the UCloud CLI with UCLOUD_PUBLIC_KEY and UCLOUD_PRIVATE_KEY. However the script requires UCLOUD_PROJECT_ID at runtime (it exits if missing) even though SKILL.md and registry metadata mark UCLOUD_PROJECT_ID as optional or omit it from required.env — this is an internal inconsistency that will break expected usage and is not declared in the registry metadata.
Instruction Scope: concernSKILL.md instructs installing the UCloud CLI and running the included Node script; the script uses child_process.exec to run the 'ucloud' binary and writes operation logs to a logs directory under the process working directory. The logger records create/delete parameters verbatim (including values.password) and command outputs, which can store sensitive information (passwords, parameters, possibly returned secrets) on disk. The SKILL.md and README state logs are written but do not warn that passwords/API artifacts may be stored. This is scope creep/privacy risk relative to a simple management wrapper.
Install Mechanism: okThis is essentially an instruction-only skill with an included script; there is no external install spec or remote download. No high-risk install behavior (no arbitrary URL downloads or archive extraction) was found. The included .claude/settings.local.json allows Bash(node:*) execution — consistent with the script using exec, but note this grants the agent permission to run shell/Node commands.
Credentials: concernDeclared required env vars in registry metadata are UCLOUD_PUBLIC_KEY and UCLOUD_PRIVATE_KEY (primaryEnv = UCLOUD_PUBLIC_KEY) which is expected. However the runtime code also requires UCLOUD_PROJECT_ID (and will exit if it's not set), yet UCLOUD_PROJECT_ID is not declared as required. The script passes the public/private keys as command-line arguments to the 'ucloud' CLI (exposed in the constructed command string), which can be visible to other local processes via process listings. The number of env vars is small and relevant, but the omission of UCLOUD_PROJECT_ID from the manifest and the CLI-arg exposure of secrets are notable risks.
Persistence & Privilege: okThe skill is user-invocable and allows autonomous invocation (disable-model-invocation: false) — that is the platform default and not flagged alone. always:false (not force-included). The skill writes logs to disk (logs/ucloud-operations-YYYY-MM-DD.jsonl) under process.cwd(), but it does not attempt to modify other skills or system-wide config.