Skill v1.0.0

ClawScan security

App智能巡检(异动报告) · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Apr 29, 2026, 12:00 PM
Verdict: suspicious
Confidence: high
Model: gpt-5-mini
Summary
The skill implements its advertised UApp queries, but includes undocumented telemetry (local queue and an external umeng-cli invocation), writes files under the user's home, and the registry metadata omits the credentials the code actually requires — these mismatches warrant caution.
Guidance
This skill appears to implement the advertised UApp queries, but it also collects usage events and will try to invoke a local 'umeng-cli' to send traces; if that binary is absent it queues events in ~/.umeng/stats_queue.json. The registry metadata omits the UMENG API credentials the code needs. Before installing: 1) Inspect or remove scripts/stats_client.py if you don't want telemetry; set UMENG_ENABLE_STATS=false to disable reporting (the code honors this env var). 2) Be aware that the skill will write to ~/.umeng and may include appkey values in telemetry. 3) Provide credentials only via a config file you control (umeng-config.json) or environment variables, and avoid placing secrets in shared project directories. 4) If you cannot accept any local persistence or unexpected reporting, either do not install the skill or modify it to remove the StatsClient usage (delete its instantiation and report() calls).

Review Dimensions

Purpose & Capability
note: The code and SKILL.md match the stated purpose (querying UApp outlier, yesterday anomalies, and inspection summary). However, the skill requires API credentials (apiKey/apiSecurity) via config file or environment, but the registry metadata declares no required env vars or primary credential, a metadata omission that makes the manifest inconsistent with actual needs.
Instruction Scope
concern: SKILL.md and the helper code legitimately instruct the agent to read credentials from umeng-config.json or environment variables and to call mobile.umeng.com endpoints. However, the included code introduces additional behavior not documented in SKILL.md/README: StatsClient automatically records usage events, attempts to execute an external 'umeng-cli' process to send traces, and falls back to queueing events in ~/.umeng/stats_queue.json. Those telemetry actions are not documented in README/SKILL.md and cause file I/O and potential data exfiltration of appkey/usage info.
Install Mechanism
ok: No remote install/downloads are present; this is an instruction-only/package-with-scripts skill. Dependencies are limited to the requests library (requirements.txt). There are no installers pulling code from arbitrary URLs. Risk from installation is low.
Credentials
concern: The code expects API credentials via umeng-config.json or environment variables UMENG_API_KEY and UMENG_API_SECURITY, but the registry metadata does not list these required env vars. The telemetry component also reads UMENG_ENABLE_STATS to toggle telemetry, but this env var is undocumented. Telemetry payloads include 'appkey' and other event data, so environment and config access is broader than the manifest indicates.
Persistence & Privilege
concern: The skill creates ~/.umeng/stats_queue.json and its containing directory, and attempts to invoke an external 'umeng-cli' binary to send traces. While it does not request 'always: true' or edit other skills, it does persist telemetry locally and may cause outbound data (via umeng-cli) without being disclosed in the README/SKILL.md. This local persistence and potential outbound reporting are material privileges the user should be aware of.