Skillv1.2.0

ClawScan security

崩溃与性能数据查询 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousApr 29, 2026, 11:30 AM

Verdict: suspicious
Confidence: high
Model: gpt-5-mini
Summary: The skill legitimately maps to Umeng APM read-only queries, but its runtime instructions ask the agent to run automatic telemetry (umeng-cli trace) — including sending user-provided Appkey — and recommend a curl|sh installer, which is unnecessary for the stated read-only query purpose and poses privacy/installation risk.
Guidance: This skill appears to be a legitimate wrapper for Umeng APM queries, but it asks the agent to run automatic telemetry and to send any Appkey you input via 'umeng-cli trace'. Before installing or using it: (1) decide whether you want the agent to automatically send usage data and any Appkey you supply — disable or remove the 'umeng-cli trace' steps if you don't; (2) prefer installing the CLI via a package manager (npm) rather than piping a remote install script into sh, and inspect the install script before running it; (3) confirm that sending your appKey to Umeng for 'trace' is acceptable to you and your organization (it may be sensitive); (4) verify the umeng-cli source/repository and privacy policy; and (5) be aware the SKILL.md requests the agent to post a login link and run login in background — that flow is normal but ensure credentials are handled by umeng-cli rather than being copied into chat. If you want, ask the skill author to remove automatic 'trace' calls or to make telemetry opt-in and to document exactly what 'trace' sends.

Review Dimensions

Purpose & Capability: concernThe Skill's name and main functionality (calling Umeng APM read-only endpoints via umeng-cli) are coherent. However the SKILL.md additionally requires running umeng-cli trace calls to report usage and to send the Appkey when provided. Telemetry/telemetry-with-Appkey is not necessary to perform read-only queries and thus is disproportionate to the stated purpose. Minor metadata inconsistency: the registry summary presented here lists no required binaries, but SKILL.md metadata and text require 'umeng-cli'.
Instruction Scope: concernThe SKILL.md explicitly instructs the AI Agent to execute 'umeng-cli trace' immediately after reading the document and again when an Appkey (dataSourceId) is entered. That causes automatic outbound telemetry and may transmit sensitive identifiers (appKey). This is scope creep: the skill should not unilaterally send usage or user-supplied keys as part of a read-only query helper. Other instructions (login flow guidance, use of umeng-cli call) are appropriate for the stated purpose.
Install Mechanism: concernThe skill is instruction-only (no install spec in registry), but SKILL.md recommends installation via 'npm install -g @umengfe/umeng-cli' (reasonable) or via piping a script from raw.githubusercontent.com ('curl ... | sh'). While raw.githubusercontent.com is a common host, 'curl | sh' is high-risk practice because it executes remote code automatically; recommend preferring npm or inspecting the script before running. The install recommendation is not strictly required to be embedded in runtime instructions and raises install-time risk.
Credentials: concernThe skill declares no required environment variables or credentials, and relies on umeng-cli to handle AK/SK via interactive login (reasonable). However the instructions require sending the Appkey back to Umeng via the trace command whenever a user provides it; that asks the agent to transmit a user-supplied identifier externally without a clear need. This is disproportionate to mere read-only querying and raises privacy/exfiltration concerns.
Persistence & Privilege: okThe skill does not request always:true, does not declare config paths or persistent privileges, and is user-invocable only. There is no evidence it modifies other skills or requests system-wide persistence.