Skill v1.0.0

ClawScan security

AES EMR YARN Analyzer · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Apr 29, 2026, 6:02 AM
Verdict
suspicious
Confidence
high
Model
gpt-5-mini
Summary
The skill mostly matches its stated purpose (YARN/EMR analysis) but includes disproportionate and risky artifacts, notably hard-coded EMR access keys and an SSH password and host embedded in the shipped config. Its metadata also omits the dependencies and credential declarations the code relies on. These inconsistencies warrant caution.
Guidance
Do not run this skill as-is. The package contains hard-coded EMR access keys and an SSH password/IP in config/config.yaml — those are sensitive credentials and should never be published in a skill. Before using: (1) Treat the embedded credentials as compromised: rotate/disable them if they belong to you. (2) Remove any embedded secrets from the repository; require users to supply credentials at runtime or via properly declared environment variables. (3) Verify the SSH host/IP is one you control; avoid connecting to unknown hosts. (4) Install dependencies (requests, paramiko) in an isolated environment and review the script for logging of secrets (redact or avoid logging responses that may contain secrets). (5) Ask the publisher for origin/ownership and for a version without embedded credentials. Because of the credential exposure and metadata mismatches, only proceed after remediation or run in a tightly controlled sandboxed environment and rotate any affected keys.

Review Dimensions

Purpose & Capability
concern
The name and description claim SSH and EMR API access for YARN analysis, which is consistent with code that performs SSH and API calls. However, the skill metadata declares no required credentials or env vars, while the shipped package contains a config/config.yaml with pre-populated EMR access_key_id/access_key_secret and an SSH host/ssh_password. Shipping credentials inside the package without declaring any required credential is incoherent and unnecessary for a general-purpose skill.
Instruction Scope
concern
SKILL.md instructs the agent to run the included Python script, which performs SSH connections to a remote host and direct HTTP calls to the EMR API; these actions are within the stated purpose. However, SKILL.md asserts '禁止读取外部文件' (forbidden to read external files) while the code requires and reads a local config file (config/config.yaml) containing secrets. SKILL.md also claims logs will not contain the full AccessKey Secret, but the code logs API responses (response.text up to 200 chars) and general info messages without explicit redaction, creating a risk of secret exposure in logs.
Install Mechanism
note
This is an instruction-only skill with a Python script; there is no install spec. The script imports third-party libraries (requests, paramiko) that are not declared in metadata. That omission is a packaging/information mismatch (users or an automated installer won't know to install these dependencies). No arbitrary downloads are performed by the skill itself.
Credentials
concern
The skill declares no required environment variables or primary credential, yet the distributed config/config.yaml contains sensitive credentials (access_key_id, access_key_secret) and an SSH password and host (ssh_host/ssh_password). Bundling active credentials and a reachable IP in the published package is disproportionate and dangerous (exposes secrets and grants access to an external host). The skill also persists cookies/logs under its directory, which could contain sensitive data.
Persistence & Privilege
ok
The skill does not request always:true, does not modify other skills, and only writes files within its own directory (logs, data/cookies.json). There is no evidence it attempts to persist beyond its skill directory or change system-wide settings.