Skill v0.2.0
ClawScan security
Tcb Harness · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Apr 29, 2026, 1:25 PM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's files and instructions are coherent for a CloudBase (TCB) development harness, but there are mismatches between what the SKILL metadata declares (no required env vars or binaries) and what the runtime instructions and reference files actually expect — this discrepancy and the presence of executable scripts warrant caution.
- Guidance: This skill appears to be a genuine CloudBase (TCB) project harness and includes many useful templates, guides, and scripts — but there are a few red flags you should address before using it on real systems:
  1) Metadata mismatch: the skill declares no required env vars or binaries, yet the docs and templates expect Node/npm/npx, miniprogram-ci/mcporter, Python, and environment variables (CloudBase envId/appid, VITE_CLOUDBASE_ENV, AI_API_KEY, API_BASE_URL). Ask the author to declare required binaries and sensitive env vars.
  2) Review executable scripts: inspect scripts/init_project.py, scripts/gen_test_data.py, scripts/project_status.py and any included package.json scripts for network calls, shell execution, or hardcoded endpoints before running; run them in an isolated sandbox or CI runner first.
  3) Protect secrets: only provide CloudBase credentials or AI_API_KEY in least-privilege test environments; do not supply production credentials until you audit deployment-related code.
  4) Check tracing/storage: the trace collector writes to a 'traces' collection — confirm retention, access controls, and that sensitive fields are handled as you expect.
  5) Validate build/deploy tool usage: the SKILL instructs use of npx mcporter, miniprogram-ci, playwright, etc.; ensure those tools are the ones you intend to run and are installed from trusted sources.
  If the author cannot clarify the missing declarations or you cannot fully audit the scripts, run the harness only in a disposable environment (local VM, container, or isolated CI) and treat any credentials as test-only.
Review Dimensions
- Purpose & Capability
  - note: The name/description (CloudBase development harness) match the included templates, reference guides, and scripts: project templates for mini-program/web, cloud function examples, tracing middleware, testing and deployment guides, and helper scripts. This is internally consistent with the stated purpose. However, the skill metadata declares no required environment variables or binaries while the documentation and templates clearly reference CloudBase envIds, appids, build/deploy CLIs (npx, npm, miniprogram-ci, mcporter), and CI/AI keys — a mismatch that should be explained by the author.
- Instruction Scope
  - concern: SKILL.md routes the agent to run local scripts (e.g., scripts/init_project.py, scripts/project_status.py), npm/npx commands (npm install, npx mcporter, npx miniprogram-ci, npx playwright install), and to read/write project config files under projects/{project}/.harness/. The instructions also reference using Claude Code and other skills. Running those scripts/commands will execute code included with the skill and rely on system tooling; the instructions do not enumerate required system binaries or safe execution constraints. The instructions do not appear to ask the agent to read unrelated host files, but they do require executing potentially powerful tooling without declaring that requirement.
- Install Mechanism
  - note: There is no install spec (instruction-only installer), which reduces supply-chain risk from remote downloads. All code is bundled with the skill as templates and Python/JS helper scripts. That means execution risk exists only if the agent/user runs included scripts or npm commands — there is no external archive download in the install step. This is reasonable for a template/harness, but the presence of many executable scripts increases the importance of reviewing them before execution.
- Credentials
  - concern: The skill metadata lists no required environment variables, yet multiple bundled files and reference configs reference environment variables and secrets: VITE_CLOUDBASE_ENV (web utils), process.env.AI_API_KEY (Midscene AI config), API_BASE_URL, various CI/env flags, and the expected CloudBase envId/appid in .harness/deploy-config.json. The skill will therefore expect credentials and environment settings at runtime (CloudBase envId/appid, possibly AI_API_KEY) but does not declare them. Required secrets like AI_API_KEY or cloud env credentials are sensitive and should be documented and limited to the minimum necessary.
- Persistence & Privilege
  - ok: The skill is not marked always:true and does not request system-wide configuration changes or other skills' credentials. It reads/writes project-local files under projects/{project}/ and .harness/, which is expected for a project harness. There's no evidence it attempts to persist or escalate privileges beyond its project scope.
