Skill v1.0.0
ClawScan security
ima-team-board-socneo · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Mar 17, 2026, 6:29 PM
- Verdict: suspicious
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's code and SKILL.md expect IMA API credentials and perform network calls, but the registry metadata does not declare any required environment variables. This mismatch is a red flag that should be resolved before use.
- Guidance: This package appears to implement an IMA message-board client and will send content to, and read content from, https://ima.qq.com using API credentials. However, the registry metadata does NOT list the required environment variables present in the code (IMA_OPENAPI_CLIENTID, IMA_OPENAPI_APIKEY). Before installing or providing credentials:
  1. Confirm you actually need to share data with Tencent IMA and that doing so meets your privacy/compliance requirements.
  2. Do not commit credentials to source control; use environment variables or a secrets manager.
  3. Verify and, if needed, update the registry metadata so required env vars are explicit.
  4. Run the code in an isolated environment first and inspect network traffic if you need assurance of its behavior.
  5. Consider rotating keys after testing.
  The mismatch between manifest and code is the main reason for caution.
Review Dimensions
- Purpose & Capability
- note: The name/description (IMA Team Board) match the implementation: the code talks to Tencent IMA endpoints to create/read/append notes. Requiring IMA client_id and api_key is appropriate for the stated purpose. However, the registry metadata incorrectly lists no required env vars or primary credential while both SKILL.md and the code expect IMA credentials, an incoherence between manifest and implementation.
- Instruction Scope
- ok: SKILL.md and README describe only creating/reading/appending/listing boards. The runtime instructions and the included CLI code stick to those tasks, accessing environment variables only for credentials and calling only IMA API endpoints. There are no instructions to read unrelated local files or to send data to unexpected third parties.
- Install Mechanism
- ok: There is no install spec (instruction-only plus a standalone Python file). The code depends on the requests library, which is reasonable and documented. No external arbitrary download or archive extraction occurs.
- Credentials
- concern: The code reads IMA_OPENAPI_CLIENTID and IMA_OPENAPI_APIKEY from the environment and raises an error if they are missing. SKILL.md also states that IMA credentials are required. But the skill registry metadata declares no required env vars and no primary credential. This is a material discrepancy: it could mislead users into installing without providing the required secrets, or without understanding what will be sent over the network.
- Persistence & Privilege
- ok: The skill does not request always:true, does not modify other skills or system-wide settings, and is not requesting elevated persistent privileges. Autonomous invocation is allowed (platform default) but is not combined with other concerning privileges.
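The manifest/code mismatch that drives this verdict (Guidance step 3 and the Credentials dimension above) is something a reviewer can check mechanically rather than by eye. The following is an added example, not part of this scan page and not the ima-team-board-socneo package's own code: it parses a skill's Python source with the standard-library ast module to collect every environment variable read through os.environ or os.getenv, pulls the literal http(s) endpoints out of the source, and diffs the env var set against what the registry metadata declares. The sample skill source and metadata are constructed to mirror the finding, and the metadata field name requiredEnv is an assumption about the registry format, not a documented ClawHub field. Requires Python 3.9 or later.

```python
"""Compare the env vars a skill's code reads with what its registry metadata declares."""
import ast
import re
from dataclasses import dataclass

# Constructed sample of a standalone skill file; it is NOT the real package source.
# It models the scan finding: two IMA credentials read from the environment and one
# hard-coded endpoint, with an error raised when the credentials are missing.
SAMPLE_SKILL_SOURCE = '''
import os
import requests

BASE_URL = "https://ima.qq.com"

def _creds():
    client_id = os.environ["IMA_OPENAPI_CLIENTID"]
    api_key = os.getenv("IMA_OPENAPI_APIKEY")
    if not client_id or not api_key:
        raise RuntimeError("IMA credentials missing")
    return client_id, api_key

def list_boards():
    cid, key = _creds()
    return requests.get(BASE_URL + "/openapi/boards",
                        headers={"X-Client-Id": cid, "X-Api-Key": key},
                        timeout=10).json()
'''

# Constructed registry metadata. "requiredEnv" is an assumed field name; the point
# is that, as in the scan, nothing is declared although the code needs two secrets.
SAMPLE_METADATA = {"name": "ima-team-board-socneo", "version": "1.0.0",
                   "requiredEnv": [], "primaryCredential": None}

URL_RE = re.compile(r"https?://[^\s\"']+")


def _is_os_environ(node: ast.AST) -> bool:
    """True for the attribute access `os.environ`."""
    return (isinstance(node, ast.Attribute) and node.attr == "environ"
            and isinstance(node.value, ast.Name) and node.value.id == "os")


def _str_const(node: ast.AST):
    """Return the string value of a literal node, else None."""
    if isinstance(node, ast.Constant) and isinstance(node.value, str):
        return node.value
    return None


def env_vars_read(source: str) -> set:
    """Names read via os.environ["X"], os.environ.get("X") or os.getenv("X")."""
    names = set()
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Subscript) and _is_os_environ(node.value):
            name = _str_const(node.slice)          # os.environ["X"] (3.9+ slice is the expr)
            if name:
                names.add(name)
        elif isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute):
            f = node.func
            is_environ_get = f.attr == "get" and _is_os_environ(f.value)
            is_getenv = (f.attr == "getenv" and isinstance(f.value, ast.Name)
                         and f.value.id == "os")
            if (is_environ_get or is_getenv) and node.args:
                name = _str_const(node.args[0])
                if name:
                    names.add(name)
    return names


def endpoints(source: str) -> set:
    """Literal http(s) URLs in the source: the hosts the skill can talk to."""
    return set(URL_RE.findall(source))


@dataclass
class Finding:
    undeclared_env: set   # read by the code but absent from the manifest
    unused_declared: set  # declared in the manifest but never read
    endpoints: set

    def verdict(self) -> str:
        # Secrets the manifest does not admit to needing are the red flag.
        return "suspicious" if self.undeclared_env else "ok"


def check_manifest(source: str, metadata: dict) -> Finding:
    """Diff the env vars the code reads against the manifest's declared list."""
    declared = set(metadata.get("requiredEnv") or [])
    read = env_vars_read(source)
    return Finding(undeclared_env=read - declared,
                   unused_declared=declared - read,
                   endpoints=endpoints(source))


if __name__ == "__main__":
    finding = check_manifest(SAMPLE_SKILL_SOURCE, SAMPLE_METADATA)
    print("verdict:", finding.verdict())
    print("undeclared env vars:", sorted(finding.undeclared_env))
    print("endpoints:", sorted(finding.endpoints))
```

Running it against the constructed sample reports the two undeclared IMA variables and the ima.qq.com endpoint, which is the same discrepancy the scanner describes; once the metadata lists both variables the verdict flips to ok. The static pass only sees literal names and literal URLs, so a skill that builds variable names or hosts at runtime would still need the isolated run with traffic capture that Guidance step 4 recommends.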
