Skill v1.0.2

ClawScan security

返利宝 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Apr 11, 2026, 7:12 AM
Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary
The skill's code and runtime rules are mostly coherent with a 'rebate/link-search' assistant, but it forwards user content to an external backend and forces verbatim script output (including external URLs/tokens) without declaring or documenting that backend—this combination and the unknown homepage/owner are worth caution.
Guidance
This skill appears to implement a rebate/link-generation product and will: 1) call included node scripts, 2) send user-provided messages and product links to a backend service, and 3) instruct users to visit external auth/follow pages (xiaomaxiangshenghuo.io.mlj130.com). Before installing, verify: (a) who operates the backend (there's no homepage or clear owner info in the registry), (b) the exact API endpoints used (check scripts/common.js to find base URLs), and (c) privacy implications—your raw messages, product links, and any tokens returned by the backend may be transmitted or displayed verbatim. If you don't trust the backend domain or operator, do not install. If you proceed, consider running the skill in a controlled environment, inspect network traffic during authorization, and avoid sending any PII you don't want shared with the remote service.

Review Dimensions

Purpose & Capability
note · The skill's name/description (rebate/link search + product search) aligns with the included scripts: link recognition, product intent extraction, search, adzone lease, rebate link creation and withdraw flows. However, the skill includes hardcoded-looking external URLs (xiaomaxiangshenghuo.io.mlj130.com) used for authorization/follow pages and likely a backend API; there is no public homepage or documentation and the registry owner is not recognizable. That lack of transparency about the backend is a notable omission but functionally consistent with the described purpose.
Instruction Scope
concern · SKILL.md requires the agent to call local CLI JS scripts and return the script stdout verbatim (no editing, no summarization). The scripts perform network calls (search, create rebate link, apply withdraw, resolve short links) and may include user-supplied raw messages and links in requests. Because outputs are returned unmodified, any sensitive tokens/URLs produced by those remote APIs would be shown directly to users. The runtime instructions also save pending auth requests and direct users to external auth pages. The scripts do not appear to read unrelated system files or environment variables, but the enforced verbatim relay of script output increases the risk of unintended disclosure.
Install Mechanism
note · This is instruction-only in terms of the registry install spec (no declared install). The package includes many JS files intended to run under node, and the SKILL.md documents an npm build step (npm install; npm run build). That build step would pull dependencies at install time if followed. No external binary downloads are specified in the skill metadata, but executing the scripts will cause outbound network requests at runtime. The lack of an explicit, audited install source (and no homepage) reduces transparency.
Credentials
ok · The skill declares no required environment variables or credentials. Internally it manages a local machine code and local openid binding and enforces a user-driven OAuth-like flow via external URLs. It does not request unrelated cloud credentials or secret env vars in the manifest. Still, the runtime will transmit user messages (links, queries) to a remote API/backend, which is proportionate for a rebate/link-generation service but should be disclosed to users.
Persistence & Privilege
ok · The skill is not always-enabled and does not request elevated platform privileges. It persists local bindings (machine code and openid) and writes pending auth requests (best-effort), behavior consistent with an auth flow. There is no evidence it modifies other skills or system-wide configs.