Skill v2.3.4

ClawScan security

Ow · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Apr 7, 2026, 4:52 AM
Verdict
benign
Confidence
medium
Model
gpt-5-mini
Summary
The skill's code, instructions, and external endpoints are consistent with a global procurement/bidding workflow; minor metadata inconsistencies and local data storage are the only notable issues.
Guidance
This skill appears to do what it says: publish procurement requests to the OW API, accept bids, evaluate them, and save notifications locally. Before installing or running it you should: (1) confirm you are comfortable with the skill making outbound HTTPS POSTs to the configured OW_API_URL (default https://www.owshanghai.com/api); (2) ensure python3 is available in the environment (SKILL.md requires it even though registry metadata omitted it); (3) be aware that buyer/seller contact details and shop links are stored under the skill's state/ directory — review or sandbox that directory if you must restrict persisted data; (4) if you plan to enable multi-platform publishing, verify any optional 'social-media-publish' or 'douyin-publish' skills before granting them access; and (5) if you need stronger guarantees, inspect the included scripts (publish.py, receive.py, evaluate.py, notify.py, multi-publish.py) or run them in a restricted sandbox before granting network access.

Review Dimensions

Purpose & Capability
note: The skill claims to publish procurement requests and evaluate bids; the included Python scripts implement publishing (to OW_API_URL), receiving bids, evaluating, and notifying — all coherent with the stated purpose. Minor inconsistency: SKILL registry metadata lists no required binaries/env, but SKILL.md declares python3 as a required binary and an optional OW_API_URL environment variable. That difference is a metadata mismatch but not a functional mismatch.
Instruction Scope
ok: Runtime instructions and the scripts operate within the procurement domain: publishing to the declared OW API, generating platform-specific templates, receiving/storing bids under state/, running evaluation logic, and creating notification files for a buyer bot. The SKILL.md explicitly warns that contact info and shop links may be saved locally; scripts indeed read/write under state/ and do not attempt to read unrelated system files or request unrelated credentials.
Install Mechanism
ok: There is no install spec that downloads or executes remote archives; the skill is delivered as scripts and content. The code does not perform remote code downloads during normal operation. Because the skill relies on running local Python scripts, the agent environment must have python3 available (SKILL.md mentions this).
Credentials
ok: The skill does not request secrets or multiple unrelated environment variables. It optionally uses OW_API_URL (configurable) and otherwise has no declared credential requirements. References to an optional external 'credit' skill are optional and not required. There are no demands for AWS/GitHub/other unrelated credentials.
Persistence & Privilege
note: The skill writes and reads files under its own state/ directory (bids, requirements, notifications, publish records). This is expected for a procurement workflow but does mean buyer/supplier contact details and shop links are persisted locally; SKILL.md and code both disclose this. always:false (no force inclusion) and no cross-skill config modifications were found.