Miaoda App Builder

Security checks across malware telemetry and agentic risk

Overview

This is a mostly coherent Miaoda app-building integration, but it deserves review because it can generate and publicly publish apps and its API token handling is not tightly bounded to the official host.

Install only if you are comfortable giving this skill a Miaoda API key and sending app prompts/specifications to Miaoda. Before use, keep the API base URL at the official Miaoda endpoint, require explicit confirmation before generation or public publishing, and avoid including secrets or private business data in project prompts.

VirusTotal

VirusTotal findings are pending for this skill version.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI02: Tool Misuse and Exploitation
Medium
What this means

An agent following the skill literally could publish a generated app to a public URL before the user has reviewed the final output or confirmed deployment.

Why it was flagged

The provided instructions make public publishing part of the standard new-application workflow. For websites, SaaS products, dashboards, and internal tools, this can expose content publicly and change the user's Miaoda account without a clearly shown final approval step.

Skill content
Create New Application

```
chat → PRD refinement → generate-app --watch → publish --wait
```
... This is the **public production URL** of the deployed application.
Recommendation

Require an explicit user confirmation before `generate-app` and especially before `publish`, and show the user the app name, appId, destination URL, and any expected cost or credit impact first.

ASI03: Identity and Privilege Abuse
Medium
What this means

If the base URL is misconfigured or influenced by an untrusted instruction, the user's Miaoda API token could be sent to an unintended server.

Why it was flagged

The CLI accepts an alternate base URL while adding the Miaoda bearer token to requests. The artifacts do not show a host allow-list or other guard that limits token transmission to the official Miaoda API endpoint.

Skill content
MIAODA_BASE_URL   - Platform base URL (alternative to --base-url) ... "Authorization": f"Bearer {api_key}"
Recommendation

Use the default `https://api.miaoda.cn` endpoint unless you fully trust the alternate endpoint, and avoid letting prompts or untrusted content set `--base-url` or `MIAODA_BASE_URL`.

ASI04: Agentic Supply Chain Vulnerabilities
Low
What this means

The skill may fail until a dependency is installed, and manual package installation introduces normal Python package supply-chain considerations.

Why it was flagged

The script depends on the external `requests` package and suggests an unpinned manual install if it is absent. This is common Python tooling behavior, but users should install dependencies from trusted package sources.

Skill content
Error: 'requests' package not installed. Run: pip install requests
Recommendation

Install dependencies from a trusted environment and prefer pinned, reviewed dependency versions where possible.

ASI06: Memory and Context Poisoning
Low
What this means

Prompts, app specifications, generated artifacts, and conversation identifiers may remain associated with the user's Miaoda account and be used in later project interactions.

Why it was flagged

The skill is locally stateless, but project and conversation context are stored and reused on the external Miaoda platform. This is expected for an app-builder service, but it is persistent context outside the local agent session.

Skill content
Application workflow state is maintained by the Miaoda platform and must be inferred from: appId, conversationId, application detail, conversation trajectory events
Recommendation

Avoid sending secrets or sensitive business data unless the user is comfortable storing it in Miaoda, and verify the correct appId and conversationId before modifying an existing project.