Back to skill
Skillv1.0.0
ClawScan security
us3-uploader-encrypted · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
SuspiciousMar 14, 2026, 4:15 AM
- Verdict
- suspicious
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill largely does what it claims (uploading files to UCloud US3), but there are multiple mismatches and policy/privilege concerns (undeclared/required credentials in the docs, runtime pip install, and always:true), so proceed only after addressing those issues.
- Guidance
- This skill appears to implement a legitimate US3 uploader, but there are concerning inconsistencies and privilege choices you should address before installing: (1) Fix the metadata: declare required environment variables and the primary credential so the platform can surface what secrets the skill needs. (2) Remove or justify always:true — prefer user-invoked only unless you have a clear reason to force inclusion. (3) If you must provide keys, create a dedicated, least-privilege API key and a single bucket used only for this purpose; do not provide high-privilege account keys. (4) Review and, if desired, vendor-lock the runtime dependency (replace runtime pip install with a declared install spec or bundle a pinned dependency) to avoid unexpected downloads. (5) Test in an isolated environment and verify the script only uploads intended files and the signed URLs behave as expected. If you cannot or will not correct the metadata and remove always:true, treat the skill as high-risk and avoid supplying production credentials.
Review Dimensions
- Purpose & Capability
- concernThe skill's stated purpose (upload files to UCloud US3) matches the provided script and docs. However the registry metadata declares no required environment variables or primary credential while the SKILL.md and the script require US3_PUBLIC_KEY, US3_PRIVATE_KEY and US3_BUCKET. That mismatch (declared vs. actual requirements) is incoherent and should be corrected before trusting the skill.
- Instruction Scope
- concernSKILL.md explicitly instructs the agent to always upload any produced file and to run python3 scripts/upload_to_us3.py <file>. The script reads arbitrary file paths given to it and environment secrets, and will auto-install the ufile SDK if missing. The 'always upload' mandate combined with an auto-installing script increases the chance of accidental/excessive uploads (including sensitive files) and unexpected network activity.
- Install Mechanism
- noteNo install spec in registry (instruction-only), but the included script will attempt to run 'pip3 install -q ufile' at runtime via os.system if the SDK is missing. Installing packages at runtime over the network is a moderate risk (unreviewed code pulled from PyPI) and should be called out.
- Credentials
- concernThe environment variables required by the script (US3_PUBLIC_KEY, US3_PRIVATE_KEY, US3_BUCKET, optional US3_ENDPOINT and US3_MAX_FILE_SIZE_MB) are appropriate for the uploader's function, but the registry metadata does not advertise them. The script requires a private API key (sensitive). Combined with the skill being always-included, this raises a real risk: a loaded skill with access to a PRIVATE_KEY could be invoked unexpectedly and upload files or generate signed URLs.
- Persistence & Privilege
- concernThe skill is marked always:true in its metadata, meaning it will be force-included in every agent run. That privilege combined with access to a private API key and an instruction that 'any produced file must be uploaded' is disproportionate — most uploader skills do not need to be always-enabled. This increases blast radius for accidental or malicious file uploads.