Skill v1.0.0
ClawScan security
Call Aida App · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign (Mar 14, 2026, 4:15 PM)
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's code and docs are internally consistent with its stated purpose (calling AIDA's chat-messages API); it only asks for an appid (used as a Bearer token) and makes an HTTPS POST to the documented endpoint — nothing in the package attempts to access unrelated credentials or system resources.
- Guidance: This package appears to do exactly what it claims: send inputs and an appid (used as a Bearer token) to the AIDA chat-messages endpoint and return the result. Before installing, confirm you trust the target domain (aida.vip.sankuai.com) and that the appid you provide is intended to be used as an API token. Note the minor docs mismatch (SKILL.md mentions main.py while the actual script is call_aida_app.py); review call_aida_app.py yourself if you have concerns. If you don't want outbound network calls from your agent, do not install or run the skill in an environment without network restrictions. Finally, prefer providing the appid at runtime (stdin or CLI) rather than storing tokens in long-lived environment variables unless you control the environment.
Review Dimensions
- Purpose & Capability (ok): The name/description claim (invoke AIDA chat-messages API) matches the included code: call_aida_app.py issues an HTTPS POST to https://aida.vip.sankuai.com/v1/chat-messages with Authorization: Bearer <appid>. The package does not request unrelated credentials or external services.
- Instruction Scope (note): Runtime instructions describe running a script and returning the response fields. One minor inconsistency: SKILL.md instructs running 'main.py' while the repository contains 'call_aida_app.py' (other docs reference call_aida_app.py correctly). This is a documentation mismatch but not evidence of malicious behavior. The instructions and script confine actions to reading provided inputs/env vars and calling the AIDA endpoint; they do not instruct reading arbitrary system files or exfiltrating other secrets.
- Install Mechanism (ok): There is no remote installer or download. install.sh and test.sh are local helper scripts that validate syntax, optionally symlink the skill into ~/.openclaw/skills and run tests. No external code is fetched or executed during install.
- Credentials (ok): The skill does not declare required environment variables; it optionally accepts AIDA_APPID/AIDA_INPUTS/AIDA_USER, which are directly relevant to the stated purpose (providing the appid/token and inputs). No unrelated SECRET/TOKEN variables or config paths are requested.
- Persistence & Privilege (ok): always:false, and the skill does not modify other skills or system-wide configuration. install.sh offers to create a symlink under ~/.openclaw/skills (user-confirmed) — expected for a user-installed skill. The skill does not request elevated privileges.
