Back to skill
Skillv0.1.0
ClawScan security
献丑 Skills · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignApr 29, 2026, 8:21 AM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill's requirements and runtime instructions align with a CLI that calls the Xianchou /api/cli endpoints to generate images/videos and update Markdown; nothing requested appears unrelated to that purpose.
- Guidance
- This skill is coherent with a CLI that calls the Xianchou service and needs an Access Key, Project ID, and API URL. Before installing: (1) verify the npm package @xianchou/cli and its publisher on the npm registry and the project homepage (https://xianchou.com); (2) only provide an Access Key you trust — consider creating a scoped/limited key for this use; (3) be aware that a dry-run will still download generated assets to the specified assets directory (it won't modify your Markdown unless you pass --write); (4) the CLI stores credentials in ~/.xianchou/config.json by default (or in XIANCHOU_CONFIG_DIR if set); (5) if you do not want autonomous agent invocation, restrict the skill or disable autonomous invocation in your agent settings. If you want higher assurance, request the actual npm package source or a signed release to review before installation.
Review Dimensions
- Purpose & Capability
- okName/description (Markdown/MDX auto imagery and video via Xianchou) match the declared binary (xianchou), npm install (@xianchou/cli), and the environment variables (ACCESS_KEY, PROJECT_ID, API_URL, CONFIG_DIR). Required items are consistent with a CLI that authenticates and contacts the service.
- Instruction Scope
- noteSKILL.md instructs the agent to read target Markdown/MDX files, extract frontmatter/titles, call /api/cli/* endpoints, poll tasks, download resulting images/videos, and optionally write back to the file only when --write is supplied. Important note: a "dry-run" still generates and downloads assets (does not modify Markdown but will write files to the assets dir), which may surprise users expecting a purely read-only dry-run.
- Install Mechanism
- okInstall spec uses the public npm package @xianchou/cli to create the xianchou binary — an expected mechanism for a JS CLI. npm installs carry moderate risk compared to no install, so users should verify the package and publisher on the npm registry before installing.
- Credentials
- noteRequested env vars (XIANCHOU_ACCESS_KEY, XIANCHOU_PROJECT_ID, XIANCHOU_API_URL, XIANCHOU_CONFIG_DIR) are relevant to authenticating and configuring the CLI. Minor oddity: XIANCHOU_CONFIG_DIR is listed as required even though it is typically optional (defaults to ~/.xianchou); requiring it may be unnecessary but not malicious. Credentials are stored in ~/.xianchou/config.json by the CLI unless overridden.
- Persistence & Privilege
- okalways is false and the skill does not request system-wide privileges. The CLI will persist its own credentials (expected behavior) but does not modify other skills or global agent settings.