Skill v1.0.0
ClawScan security
Company search wdy · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Apr 29, 2026, 9:56 AM
- Verdict: suspicious
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill appears to be a straightforward WenDaoYun company-info integrator, but its manifest and runtime instructions disagree about required credentials (the SKILL.md requires an API key that the registry metadata does not declare), which is an important incoherence to resolve before installing.
- Guidance: This skill appears to be a normal WenDaoYun company-info integrator, but the SKILL.md requires an API key (WENDAOYUN_API_KEY) while the registry metadata lists no required environment variables — that's an important mismatch you should resolve before installing. Ask the publisher to (1) update the skill metadata to declare WENDAOYUN_API_KEY as a required/primary credential so the platform can handle prompting and secure storage, (2) provide a homepage/source or publisher identity, and (3) confirm how the key will be stored or transmitted by the agent. Other practical checks: verify the Base URL (https://h5.wintaocloud.com/prod-api/api/invoke) is legitimate, test with a revocable/dummy API key first, confirm the skill respects the documented rate limit (200/day), and avoid sending highly sensitive PII until you trust the publisher. If the publisher updates the manifest to declare the API key and provides a verifiable source, the incoherence would be resolved and the skill would look benign; until then treat it with caution.
Review Dimensions
- Purpose & Capability (concern): The skill's stated purpose (query WenDaoYun company info) matches the SKILL.md content and the documented API endpoints. However, the registry metadata lists no required environment variables or primary credential, while SKILL.md explicitly instructs the user to set WENDAOYUN_API_KEY. This mismatch is disproportionate and unexplained.
- Instruction Scope (note): The instructions specify using the WenDaoYun API Base URL, Bearer Authorization header, GET requests, result pagination, and explicit user confirmation before detail queries. They do not ask the agent to read unrelated files, other credentials, or send data to unexpected endpoints. Overall the runtime instructions stay within the described scope, aside from the missing declaration of the API key in metadata.
- Install Mechanism (ok): There is no install spec and no code files — this is an instruction-only skill, so nothing will be written to disk by an installer. This is the lowest-risk install mechanism.
- Credentials (concern): SKILL.md requires a single sensitive secret (WENDAOYUN_API_KEY) and instructs exporting it as an environment variable, but the skill metadata declares no required env vars or primary credential. That inconsistency is concerning because a runtime secret is expected but not declared; a user may not be prompted to provide it in a secure way. Other than that, no unrelated credentials or config paths are requested.
- Persistence & Privilege (ok): The skill does not request always:true, does not require system config paths, and has no install behavior. Autonomous invocation is allowed (platform default) but, combined with the other findings, does not by itself raise additional privilege concerns.
