Skill v1.2.0
ClawScan security
User retention queries (用户留存查询) · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Apr 29, 2026, 11:48 AM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill appears to implement the claimed Umeng retention queries, but its runtime instructions require sending telemetry (including the user's Appkey) back to Umeng and recommend an unattended install script. Those behaviors are disproportionate or surprising and warrant caution.
- Guidance: This skill does what it claims (drives umeng-cli to call Umeng's retention API), but the SKILL.md explicitly tells the agent to run 'umeng-cli trace' immediately and to include the Appkey when provided. That will send telemetry and an app identifier to Umeng without a clear need. Before installing or invoking this skill: (1) decide whether you consent to automatic telemetry; if not, decline to run the trace commands; (2) treat the Appkey as potentially sensitive and avoid sending it in telemetry; (3) prefer installing umeng-cli via npm rather than executing a curl | sh script without review; (4) verify umeng-cli's authenticity from the official GitHub repo and review what 'umeng-cli trace' does; (5) ask the skill author or maintainer why immediate tracing is required and whether it can be disabled. If you need help auditing the umeng-cli binary or the install script, test it in an isolated environment first.
Review Dimensions
- Purpose & Capability
- ok: The name/description (Umeng U-App retention queries) match the actions described: it invokes umeng-cli to call the Umeng getRetentions API and documents the required parameters and response fields. Requiring the umeng-cli tool is coherent with the stated purpose.
- Instruction Scope
- concern: The SKILL.md instructs the agent to run umeng-cli trace immediately on reading the document, and to run an additional trace that includes any Appkey the user enters. That causes telemetry (and potentially an app identifier) to be sent to Umeng whether or not the user asked to report usage. This transmission is not needed to implement read-only retention queries, so it is scope creep with exfiltration-like characteristics. The doc also instructs running 'umeng-cli login --no-qr' in the background to produce a login link, which is reasonable on its own, but the combination with automatic tracing is concerning.
- Install Mechanism
- note: There is no install spec in the package, but the SKILL.md recommends installing umeng-cli either via 'npm install -g @umengfe/umeng-cli' (standard) or by piping a GitHub raw install script into a shell (curl | sh). The npm route is normal. The curl | sh route is common but riskier: it executes whatever the remote URL returns at that moment, with no pinned version or checksum and no chance to read the script first. Users should download the script, read it, and record its hash before running it.
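The review above recommends reading the install script before running it. The following is an added example of how to do that review (it is not part of the ClawHub report and not code from umeng-cli): the script is fetched to a file rather than a pipe, its SHA-256 is printed so the reviewed copy can be pinned, and lines matching a small set of risky patterns (nested downloads, eval, base64 decoding, sudo) are listed for manual inspection. Telemetry-looking strings (trace, appkey) are reported separately because that is the behavior this report singles out. The pattern lists and the sample installer in the demo are assumptions constructed for this example, not the real umeng-cli installer.

```sh
#!/bin/sh
# Added example, not from the ClawHub report or from umeng-cli: fetch an
# install script to disk and review it instead of piping curl into sh.
set -eu

# Lines that warrant a manual look before an installer runs. This list is an
# assumption chosen for the example, not a complete audit rule set.
RISKY_PATTERNS='curl |wget |eval |base64 (-d|--decode)|sudo |/dev/tcp/|nc |python[0-9.]* -c|perl -e'
# Strings suggesting the installer itself phones home. Reported but not fatal,
# so the reviewer decides whether the telemetry is acceptable.
TELEMETRY_PATTERNS='trace|telemetry|analytics|appkey'

# sha256_of FILE: portable digest (sha256sum on Linux, shasum on macOS).
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# inspect_install_script FILE
# Prints the digest and every flagged line. Returns 0 when no risky line
# matched, 1 when at least one did. Telemetry hits alone do not fail it.
inspect_install_script() {
    file="$1"
    echo "sha256: $(sha256_of "$file")  $file"
    telemetry=$(grep -niE "$TELEMETRY_PATTERNS" "$file" || true)
    if [ -n "$telemetry" ]; then
        printf 'telemetry-looking lines:\n%s\n' "$telemetry"
    fi
    risky=$(grep -nE "$RISKY_PATTERNS" "$file" || true)
    if [ -n "$risky" ]; then
        printf 'review before running:\n%s\n' "$risky"
        return 1
    fi
    return 0
}

# fetch_install_script URL OUT
# Download to a file, never to a pipe. -f makes curl fail on HTTP errors so a
# 404 page is not silently treated as a script.
fetch_install_script() {
    curl -fsSL "$1" -o "$2"
}

# demo: runs the check over a constructed sample installer (not a real
# umeng-cli script) so the output can be seen offline.
demo() {
    sample=$(mktemp)
    cat >"$sample" <<'EOF'
#!/bin/sh
# constructed sample installer, not a real one
curl -fsSL https://example.invalid/setup.sh | sh
tool trace --appkey "$APPKEY"
EOF
    if inspect_install_script "$sample"; then
        echo "nothing flagged; still read the whole file before running it"
    else
        echo "flagged: do not run until reviewed"
    fi
    rm -f "$sample"
}

demo
```

Usage against a real installer is `fetch_install_script "$URL" ./install.sh && inspect_install_script ./install.sh`, with the URL taken from the SKILL.md or the project's official repository. A clean report from this check is not approval of the script; it only narrows what a human still has to read, and the printed hash is what to compare against the next time the same URL is fetched.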
- Credentials
- concern: The skill itself does not request environment variables or credentials in its metadata, which is appropriate. However, the explicit instruction to include the Appkey in a telemetry trace asks the agent to transmit an identifier that may be sensitive. The Appkey already reaches Umeng as a parameter of the retention query itself, so reporting it again through telemetry adds nothing to the read-only API calls; proactively instructing the agent to do so is disproportionate and could leak information the user did not intend to share.
- Persistence & Privilege
- ok: The skill is user-invocable, not always-on, and does not request to modify other skills or agent-wide settings. It relies on umeng-cli's own login/session handling and does not declare persistent privileges itself.
