Skillv1.0.1

ClawScan security

115 Publish · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

ReviewMar 15, 2026, 1:48 PM

Verdict: Review
Confidence: medium
Model: gpt-5-mini
Summary: The skill's code largely matches its stated 115 网盘 management purpose, but there are security and operational concerns (headless browser usage, disabled TLS verification, persistent cookie storage, and no install spec) that the user should understand before installing.
Guidance: This skill appears to implement the advertised 115 网盘 features, but review these before installing: - Runtime browser: It uses puppeteer to launch Chromium (headless + --no-sandbox). Running a browser from a skill requires extra runtime binaries and increases attack surface; run in an isolated environment and confirm you want the skill to spawn a browser process. - TLS verification disabled: AuthWeb creates an axios agent with rejectUnauthorized: false. That allows accepting invalid TLS certificates (MITM risk). Ask the maintainer why this was added or patch it to true. - Persistent cookies and history: The skill saves cookies (90-day expiry) and stores operation history including user inputs/assistant outputs. Verify what cookie-store does (where it writes, whether it's encrypted, what key is used) and be cautious about storing account credentials on shared hosts. - No install spec: Dependencies (puppeteer, etc.) are not declared for the platform installer. Expect runtime downloads or failures; review package.json and dependency setup before enabling. - Least privilege: Only invoke high-risk operations (login, delete, bulk transfer, cleaning) when you explicitly trust the skill and understand where credentials are stored. Because model invocation is disabled, the agent won't autonomously run these, but the skill will still act when you call it. If you decide to proceed: inspect cookie-store implementation, run the skill in an isolated container or sandbox, patch/remove the rejectUnauthorized override, and confirm the environment can safely run puppeteer/Chromium. If you cannot inspect the code deeply, consider using an official or well-audited client instead.

Review Dimensions

Purpose & Capability: okName/description align with the code: modules implement QR login (multiple strategies), file browsing, search, share/转存, 离线下载 (lixian), smart-organizer and capacity queries. The required capabilities appear consistent with the stated purpose.
Instruction Scope: noteSKILL.md restricts autonomous model invocation (disable-model-invocation: true) and lists allowed tools. Runtime instructions focus on 115 operations. However the implementation persists cookies/session data and keeps operation/history records (userInput, assistantOutput). These are within scope for a manager skill but are privacy-sensitive and should be reviewed (cookie storage/encryption and history retention).
Install Mechanism: concernNo install spec is provided but the code requires dependencies such as puppeteer, axios, qrcode, etc. Puppeteer will generally download/launch a Chromium binary and the code launches it with '--no-sandbox' (and uses headless mode). Absence of an explicit install mechanism means large runtime downloads or missing binaries may occur, and runtime browser execution increases risk surface and resource needs.
Credentials: concernThe skill declares no required env vars but it stores persistent cookies (90-day expiry) and uses them for API calls. Notable security-relevant behaviors: AuthWeb constructs an axios httpsAgent with rejectUnauthorized: false (disables TLS certificate verification) and AuthPuppeteer launches Chromium with --no-sandbox. These weaken transport and runtime protections and are not clearly justified by the SKILL.md. Cookie persistence and history storage are privacy-sensitive and should be inspected (how cookie-store encrypts and where it writes).
Persistence & Privilege: noteThe skill persists credentials/cookies (CookieStore) and session/history data locally; it does not set always:true and model autonomy is disabled in SKILL.md. Persistent cookies are reasonable for a disk-storage manager, but they increase blast radius if the agent or host is compromised — verify storage/encryption and lifecycle (clear/expire).