Skill v1.0.0

ClawScan security

codropshiping-product-search · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Mar 9, 2026, 10:09 AM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini

Summary
The skill mostly does what it says (POSTs a keyword + token to a product-search API) but has small inconsistencies and privacy/operational concerns you should review before use.
Guidance
This skill's behavior is coherent with its description — it POSTs {keyword} to a Codrop-like endpoint using the provided token — but there are a few things to check before using it with real credentials:

- Provenance: there is no homepage or known source; verify the author and whether the endpoint (test-codrop.cargosoon.online) is the correct/trusted service you intend to query.
- Secret handling: the script expects --token on the command line. CLI args can leak via process listings and may be saved in shell history. Prefer a version that reads the token from an environment variable or prompts interactively, and update metadata to declare the credential.
- Test first: run with a dummy token to observe responses and ensure the endpoint behaves as expected.
- TLS/endpoint trust: the script uses HTTPS but points to an unfamiliar host. Confirm the certificate and that you trust the service before sending real tokens.
- If you need stronger assurance: ask the author for a package with declared required credentials (primaryEnv) and supply instructions for safer secret handling, or request a reputable source/homepage.

Given the metadata mismatch and unknown host, proceed cautiously — this looks legitimate in function but has enough provenance and secret-handling issues to treat as suspicious until validated.

Review Dimensions

Purpose & Capability
note: The code and SKILL.md implement a product search against a Codrop-like API (POST to /api/shipping/Goods/ProductSearchKeywordQuery on test-codrop.cargosoon.online), which aligns with the stated purpose. However, the registry metadata lists no required credentials while the SKILL.md and code clearly require an authentication token passed as --token. The skill's source/homepage are also missing, reducing provenance.
Instruction Scope
ok: The runtime instructions and the script are narrowly scoped: they accept a keyword and token, POST JSON to the remote API, and print the JSON response or an error. The script does not read files, environment variables, or other system state. It does log raw responses on parse failure.
Install Mechanism
ok: This is an instruction-only skill with a small Node.js script and no install spec; nothing is downloaded or written by an installer. That lowers install-time risk.
Credentials
note: No environment variables or platform credentials are declared in metadata, but the skill requires an auth token passed on the command line. Passing secrets via CLI can expose them in process listings and shell history; the token requirement should be declared in metadata (primaryEnv) or documented with safer usage guidance.
Persistence & Privilege
ok: The skill is not always-enabled and does not request any elevated persistence or modify other skills/config. It is user-invocable and can be invoked autonomously (platform default), which is expected.