Skill v1.0.1

ClawScan security

AI writing skill with human-like characteristics · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Review: Apr 17, 2026, 3:22 AM
Verdict: Review
Confidence: high
Model: gpt-5-mini
Summary
The skill's purpose and runtime behavior mostly align with a paid writing service, but the bundle includes a local 'mock_credential' tool with a hard-coded SM4 key that can forge successful payment credentials—this contradicts the paid-service claim and is a notable risk.
Guidance
This skill otherwise behaves like a normal paid-writing integration (creates an order, relies on a 'clawtip' payment skill, then posts to adeeptools.com), but it bundles a local testing tool (scripts/mock_credential.py) that contains a hard-coded SM4 key and can produce 'SUCCESS' payment credentials. That undermines the advertised payment requirement and could be misused to bypass payment or to craft valid credentials. Before installing or running: (1) consider removing or auditing mock_credential.py (do not run it in production); (2) verify you trust adeeptools.com and the clawtip skill used for payment; (3) inspect and, if needed, sandbox any network activity to adeeptools.com; (4) if you rely on billing/integrity, ensure the payment verification is handled by a trusted external service rather than local test code. If you want a safer posture, request a version of the skill with all test/forge utilities removed and with the SM4 key and any test artifacts excluded.

Review Dimensions

Purpose & Capability
Rating: ok
Name/description describe a paid AI writing service and the included scripts implement order creation, payment flow integration (via a separate 'clawtip' skill), and a request to adeeptools.com for results. The network calls and local order-file usage are consistent with the described purpose.

Instruction Scope
Rating: note
SKILL.md instructs the agent to run local scripts that create/read order files under the user's home (~/.openclaw/skills/orders/{indicator}/{order_no}.json), call the clawtip skill for payment, and POST to adeeptools.com. Those actions are within the claimed scope. However, the instructions and included files allow generating and injecting a forged 'payCredential' (via scripts/mock_credential.py), which subverts the stated requirement that payment be completed before service execution.

Install Mechanism
Rating: ok
This is an instruction-only skill with no installer; code is provided as local Python scripts. No remote arbitrary downloads or third-party package installs are performed by an installer. Risk is confined to the bundled code content rather than install actions.

Credentials
Rating: concern
The skill declares only network.outbound and credential.read permissions and accesses order files in ~/.openclaw, which is reasonable for its function. However, scripts include a hard-coded SM4 key (SM4_KEY_BASE64) and a local mock_credential utility that fabricates 'SUCCESS' credentials. Embedding a symmetric key and a credential-forging tool in the package is disproportionate to a paid-writing skill and can be used to bypass payment/authorization.

Persistence & Privilege
Rating: ok
'always' is false and the skill does not request system-wide privileges. It writes its own order files under the user's ~/.openclaw path (its own scope). It does not modify other skills or global agent settings.