Skill v0.0.1-beta.1

ClawScan security

Alibabacloud Iqs Weather Query · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Apr 9, 2026, 4:52 AM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill appears to implement a legitimate Alibaba Cloud IQS-backed 7-day weather query, but there are inconsistencies (the required env var is not declared in the registry metadata), and the instructions encourage the agent to generate parser code and insert it into the shipped script, which broadens its scope. Review before installing.
Guidance
This skill implements a plausible Alibaba Cloud IQS-based weather lookup and requires an ALIYUN_IQS_API_KEY (the script reads process.env and ~/.alibabacloud/iqs/env), but the registry metadata does not declare that env var. Confirm the key requirement before installing.

Review the bundled scripts/weather.mjs yourself: the code calls cloud-iqs.aliyuncs.com and contains site-specific parsers. Pay special attention to the "evolve" behavior: the skill encourages producing new parser code and registering it in the shipped file. Do not automatically accept or run code generation that rewrites files without manual review.

If you will provide the API key, consider running the skill in a constrained environment (container or isolated account) and only enable autonomous invocation if you trust the publisher. If you need higher confidence, ask the publisher for a provenance/source repository and updated metadata declaring ALIYUN_IQS_API_KEY, or request that the evolve/self-modification capability be removed or only exposed as a manual developer instruction.

Review Dimensions

Purpose & Capability
note · The name and description match the included script: it queries Alibaba Cloud IQS (UnifiedSearch + ReadPage) to return weather data. That capability reasonably requires an ALIYUN_IQS_API_KEY and access to the IQS endpoints. However, the registry metadata claims "Required env vars: none" while SKILL.md and the script both require/read ALIYUN_IQS_API_KEY (and may read ~/.alibabacloud/iqs/env). This mismatch should be clarified.
Instruction Scope
concern · SKILL.md and the script stay mostly within weather-query scope (search, read, parse). However, the bundle explicitly includes an "evolveHint" that asks the agent to analyze rawText, produce a new parser function, and register it in scripts/weather.mjs. That guidance effectively instructs the agent to create or modify code within the skill bundle (or at least to propose code to be inserted). This expands the skill's runtime authority and could lead to the agent being asked to write or execute code beyond simple queries. The instructions also reference reading the user's home config file (~/.alibabacloud/iqs/env), which is relevant for an API key but is an additional filesystem access to be aware of.
Install Mechanism
ok · No install spec is provided (no downloads or package installs). The skill includes a Node.js script (requires Node.js >= 18). There is no external install URL or archive, so risk from the install mechanism is low. The presence of an included .mjs script means code will run locally when invoked.
Credentials
note · The script only needs the ALIYUN_IQS_API_KEY (from process.env or ~/.alibabacloud/iqs/env) to call Alibaba IQS endpoints, which is proportionate to the stated purpose. The discrepancy is that the registry metadata lists no required env vars while SKILL.md and the script do require an API key; this omission is a red flag for sloppy metadata or accidental under-declaration. Verify the key requirement before use. No other credentials or unrelated environment variables are referenced.
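The metadata mismatch flagged under Purpose & Capability and Credentials is mechanically checkable before install. The following is an added example written for this page (not part of the ClawHub scanner or the skill): a static audit that extracts the env vars, home-directory paths and network hosts a bundled script references and compares the env vars against what the registry declares. SAMPLE_SCRIPT and SAMPLE_METADATA are constructed stand-ins shaped like the behaviour the scan describes; the real scripts/weather.mjs and registry entry are not reproduced here.

```javascript
// Added example (editor's code, not the scanner's or the skill's): static
// pre-install audit of env-var, home-file and network references in a script.

// Constructed stand-in for scripts/weather.mjs (hypothetical content that
// mirrors what the scan reports: process.env read, ~/.alibabacloud/iqs/env
// fallback, and a cloud-iqs.aliyuncs.com endpoint).
const SAMPLE_SCRIPT = `
import fs from "node:fs";
import os from "node:os";
import path from "node:path";
const envFile = path.join(os.homedir(), ".alibabacloud/iqs/env");
let apiKey = process.env.ALIYUN_IQS_API_KEY;
if (!apiKey && fs.existsSync(envFile)) {
  apiKey = fs.readFileSync(envFile, "utf8").match(/ALIYUN_IQS_API_KEY=(.*)/)?.[1];
}
const SEARCH_URL = "https://cloud-iqs.aliyuncs.com/search/unified";
`;

// Constructed registry entry, as the scan quotes it: "Required env vars: none".
const SAMPLE_METADATA = { name: "alibabacloud-iqs-weather-query", requiredEnv: [] };

// Collect process.env.NAME and process.env["NAME"] reads.
function findEnvReads(source) {
  const names = new Set();
  const re = /process\.env(?:\.([A-Za-z_][A-Za-z0-9_]*)|\[\s*["']([^"']+)["']\s*\])/g;
  for (const m of source.matchAll(re)) names.add(m[1] ?? m[2]);
  return [...names].sort();
}

// Collect paths under the user's home directory: os.homedir() joins and literal "~/" strings.
function findHomeFileReads(source) {
  const hits = new Set();
  for (const m of source.matchAll(/os\.homedir\(\)\s*,\s*["']([^"']+)["']/g)) hits.add("~/" + m[1]);
  for (const m of source.matchAll(/["'](~\/[^"']+)["']/g)) hits.add(m[1]);
  return [...hits].sort();
}

// Collect hosts named in http(s) URLs so the reviewer can confirm they match the stated purpose.
function findNetworkHosts(source) {
  const hosts = new Set();
  for (const m of source.matchAll(/https?:\/\/([A-Za-z0-9.-]+)/g)) hosts.add(m[1]);
  return [...hosts].sort();
}

// Undeclared env reads are a finding (metadata does not match behaviour);
// home-directory reads and network hosts are reported as notes for awareness.
function auditSkill(metadata, scriptSource) {
  const envReads = findEnvReads(scriptSource);
  const declared = new Set(metadata.requiredEnv ?? []);
  const undeclaredEnv = envReads.filter((n) => !declared.has(n));
  const homeFiles = findHomeFileReads(scriptSource);
  const hosts = findNetworkHosts(scriptSource);
  const findings = [];
  if (undeclaredEnv.length) findings.push(`reads env vars not declared in metadata: ${undeclaredEnv.join(", ")}`);
  const notes = [];
  if (homeFiles.length) notes.push(`reads files under the home directory: ${homeFiles.join(", ")}`);
  if (hosts.length) notes.push(`contacts hosts: ${hosts.join(", ")}`);
  return { ok: findings.length === 0, envReads, undeclaredEnv, homeFiles, hosts, findings, notes };
}

const report = auditSkill(SAMPLE_METADATA, SAMPLE_SCRIPT);
console.log(JSON.stringify(report, null, 2));
```

On the constructed input the audit reports one finding (ALIYUN_IQS_API_KEY is read but not declared) and two notes (the ~/.alibabacloud/iqs/env read and the cloud-iqs.aliyuncs.com host); with the env var added to requiredEnv the finding clears. Regex extraction will miss dynamically built names, so treat a clean result as "nothing obvious" rather than proof.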
Persistence & Privilege
note · The skill does not request always:true and does not declare any system-level persistence. However, the skill's 'self-improve' guidance encourages adding parser functions into scripts/weather.mjs (i.e., modifying the skill's own files). While editing its own parser registry could be legitimate for maintenance, it effectively allows evolution of executable code and should be treated as elevated behavior: only allow it if you trust the source, and review proposed changes before applying them.