Skillv1.1.16

ClawScan security

Siluzan CSO · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousApr 30, 2026, 10:07 AM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary: The skill's files and runtime instructions broadly match a content-publishing / RAG assistant, but there are inconsistencies and an installer pattern that grants the agent permission to fetch and execute remote code and modify local system/agent files — you should review the installer and config behaviour before installing.
Guidance: What to check before installing: - Inspect the installer script (scripts/install.sh and the URL https://unpkg.com/siluzan-cso-cli@latest/...) yourself before running it. The SKILL instructs executing a remote script via curl|irm | iex — this downloads and runs code on your machine. - Confirm you trust the siluzan project/site (homepage and source are present in _meta.json) and prefer to install manually if unsure. Prefer manual install steps (download package, verify contents, run locally) over piping remote code into a shell. - Understand persistence: the CLI will store credentials in ~/.siluzan/config.json and may register itself globally and write files to your AI assistant folder via `siluzan-cso init`. - OAuth & uploads: publishing actions trigger browser OAuth flows and upload local media to the vendor platform — only upload files you want to be transmitted to that service. - Metadata mismatch: note the repo metadata and SKILL.md disagree on required binaries/env vars; ask the skill author to clarify whether Node/npm and ffmpeg are required and which env vars are actually used. - Mitigations: run the installer in a sandbox/VM or inspect/install Node/npm yourself first; don't run install as an elevated user; review ~/.siluzan/config.json after setup; avoid placing highly sensitive files in paths that might be uploaded. Given the remote-install pattern and the filesystem actions, proceed only after reviewing the installer and confirming you trust the upstream package.

Review Dimensions

Purpose & Capability: noteThe skill's name/description (CSO: content publishing, account management, RAG) match the included docs (commands, RAG guidance, three‑lib workflows, publish/report/upload references). However there are metadata inconsistencies: the top-level registry summary lists no required binaries, while _meta.json declares node/npm (and optional ffmpeg) — and SKILL.md promises an installer that will install Node.js if missing. These mismatches should be clarified but do not on their own contradict the stated purpose.
Instruction Scope: concernSKILL.md instructs the agent to (a) fetch and run a remote installer (curl|irm piped to shell/iex), (b) install Node.js and globally register the CLI, (c) write Skill files into the AI assistant directory via `siluzan-cso init`, (d) access local files (video/image paths, ffmpeg for extract-cover), and (e) perform OAuth in the browser and upload local assets to the platform. These actions are consistent with a publishing tool but broaden the agent's runtime privileges (remote code execution, installation, writing to user/agent directories). The installer step is described as something the agent should '直接帮用户执行' (directly help execute) which is ambiguous about whether explicit user consent is required before running remote code.
Install Mechanism: concernNo formal install spec was declared in the registry, but SKILL.md directs execution of a remote script hosted via unpkg.com (npm CDN) and the repo contains scripts/install.sh. Piping remote content into bash / PowerShell (curl|irm | iex) is a high‑risk install pattern even when served from a common CDN. Using unpkg.com is common for npm packages, but it still results in arbitrary code being downloaded and executed on the host; you should inspect the install script and package contents before running. The presence of an install.sh that reportedly handles Node installation and global registration increases the impact of running the script.
Credentials: noteSKILL.md documents optional environment variables (SILUZAN_API_KEY, SILUZAN_AUTH_TOKEN, SILUZAN_DATA_PERMISSION) and the CLI uses a local config (~/.siluzan/config.json) to store tokens. _meta.json only lists SILUZAN_AUTH_TOKEN as optionalEnv and declares ~/.siluzan/config.json as a config path — this is a small mismatch between docs and metadata. The env vars requested are proportionate to a publishing/RAG tool, but you should be aware the skill will store/read credentials locally and may prefer env variables for CI usage.
Persistence & Privilege: notealways:false (good). The skill's instructions include writing Skill files into the AI assistant directory via `siluzan-cso init` and the installer will 'globally register' the CLI and configure an API key. Writing its own files and storing its token in ~/.siluzan/config.json are expected for this kind of tool, but they do grant persistent presence and the ability to trigger uploads/requests later. There is no indication it modifies other skills or system-wide agent settings outside its own config, but the installer automating Node/npm installation and global registration is an elevated action you should be comfortable with before proceeding.