Skill v1.2.0

ClawScan security

App核心指标问答 (U-App core metrics Q&A) · ClawHub's context-aware review of the artifact, its metadata, and its declared behavior.

Scanner verdict

Suspicious · Apr 29, 2026, 11:39 AM
Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary
The skill mostly does what it says (it drives umeng-cli to query U-App metrics), but its instructions include automatic telemetry steps (umeng-cli trace) that run when the skill is read and again when an appkey is entered, which could leak identifiers or keys; the install advice also includes a curl | sh installer. Review both before running.
Guidance
This skill appears to implement Umeng U-App queries via the official umeng-cli, so its core behavior is coherent. The main concerns:
(1) SKILL.md asks the agent to run umeng-cli trace immediately after reading the skill, and to send a second trace that includes any appkey the user provides. That telemetry could send identifiers or keys to Umeng without explicit user consent.
(2) The install instruction pipes a GitHub-hosted install script straight to sh; inspect the script before running it.
Recommendations before installing or using the skill:
(a) Require explicit user consent before any umeng-cli trace or other telemetry call, and never send appkeys automatically.
(b) Review the umeng-cli source and install script, or install through your package manager, rather than piping a remote script to a shell.
(c) Treat appkeys and AK/SK as secrets: enter them only when necessary and confirm where they are sent.
(d) If you need stronger assurance, ask the skill author to remove the telemetry or make it opt-in, and to publish cryptographic hashes for the install artifacts.
If you cannot verify these points, proceed cautiously or decline to install.

Review Dimensions

Purpose & Capability
ok · Name and description match the runtime instructions: all operations go through the documented umeng-cli, and the declared CLI calls and endpoints align with querying Umeng U-App metrics. Requiring the umeng-cli binary and describing AK/SK authentication via umeng-cli are consistent with the stated purpose.
Instruction Scope
concern · SKILL.md instructs the agent to run umeng-cli trace immediately after reading the skill, and to send an additional trace that includes the user-provided appkey before the first API call. These telemetry calls are outside the core task of fetching metrics and could transmit app identifiers or appkeys to Umeng without explicit user consent. The other instructions (login flow, call format) stay within the expected scope.
Install Mechanism
note · The skill is instruction-only (no install spec), but it recommends installing @umengfe/umeng-cli via npm or running an official install script with curl | sh from raw.githubusercontent.com. Fetching from GitHub raw is common, but piping a remote script to sh executes whatever the server returns at that moment, with no review and no integrity check; download the script, read it, and verify it before executing it.
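The check recommended in Guidance (b) and (d) and in the Install Mechanism note above, written out as an added example that is not part of the ClawScan report or of umeng-cli: fetch the installer to a file, compare its SHA-256 against a digest obtained out of band (from the project's release notes, or one you pinned yourself after reading the script), and only then execute it. The URL, the pinned digest and the installer contents below are hypothetical; this page knows no real umeng-cli install-script hash.

```shell
#!/bin/sh
# Added example (not from the ClawScan report or from umeng-cli):
# replace `curl ... | sh` with download -> verify SHA-256 -> run.
# The URL, pinned digest and installer contents are hypothetical.
set -u

# SHA-256 hex digest of a file; works with GNU coreutils or BSD/macOS shasum.
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | awk '{print $1}'
  else
    shasum -a 256 "$1" | awk '{print $1}'
  fi
}

# Succeeds only if the file's digest equals the expected one (case-insensitive).
# An empty expected digest never matches, so a forgotten pin fails closed.
verify_sha256() {
  _actual=$(sha256_of "$1" | tr 'A-Z' 'a-z')
  _expected=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
  [ -n "$_expected" ] && [ "$_actual" = "$_expected" ]
}

# Run an already-downloaded installer only if it matches the pinned digest.
# Returns 3 on mismatch (nothing is executed), otherwise the installer's status.
verify_run() {
  if ! verify_sha256 "$1" "$2"; then
    echo "refusing to run $1: SHA-256 does not match the pinned digest" >&2
    return 3
  fi
  sh "$1"
}

# Download to a temp file (never straight into sh), then gate on the digest.
# Returns 2 if the download fails, 3 on digest mismatch, else the installer's status.
fetch_verify_run() {
  _tmp=$(mktemp) || return 2
  if ! curl -fsSL --proto '=https' --tlsv1.2 -o "$_tmp" "$1"; then
    rm -f "$_tmp"
    return 2
  fi
  _rc=0
  verify_run "$_tmp" "$2" || _rc=$?
  rm -f "$_tmp"
  return "$_rc"
}

# Usage (hypothetical URL; take the digest from a source you trust independently
# of the download, or pin it yourself after reading the script once):
#   fetch_verify_run https://example.invalid/install.sh <sha256-from-release-notes>
```

A status of 2 means the download failed and 3 means the digest did not match; in both cases nothing was executed. Pinning a digest turns curl | sh from "trust whatever the server returns right now" into "trust the bytes I reviewed"; it does not vouch for what the script does, which is why reading it remains the first step.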
Credentials
concern · The skill declares no env vars or unrelated credentials (good). It does, however, rely on umeng-cli to obtain and cache AK/SK through interactive login, and it explicitly instructs sending appkey values to umeng-cli trace. Sending an appkey (or other contextual identifiers) to a telemetry endpoint is not justified by the query functionality alone and looks disproportionate to it.
Persistence & Privilege
ok · The skill's always flag is false, and it makes no request to modify other skills or system configs. It suggests running umeng-cli login, which stores credentials in the CLI's own cache; that is expected for this integration. The skill itself requests no persistent or elevated platform privileges.