Skill v1.0.0

ClawScan security

博查搜索 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Review: Feb 11, 2026, 9:36 AM
Verdict: Review
Confidence: high
Model: gpt-5-mini
Summary
The skill's code and README require an API key and a config file but the published metadata declares no required credentials or config paths — this mismatch and a minor URL inconsistency warrant caution.
Guidance
This skill appears to be a straightforward wrapper for the Bocha web-search API, but the package metadata omitted that it needs an API key and a config.json. Before installing or providing credentials:

1) Confirm you trust the publisher and the API host. The SKILL.md links to open.bochaai.com but the script posts to https://api.bocha.cn; verify those endpoints are legitimate and intended.
2) Treat BOCHA_API_KEY like any secret: use a dedicated limited-permission key if possible, and do not reuse broader credentials (AWS, GitHub, etc.).
3) Note the script expects config.json at the package root (it reads ../config.json from scripts/); ensure you understand where to put the file and its filesystem visibility.
4) If you need higher assurance, ask the publisher to update registry metadata to declare the required BOCHA_API_KEY and the config path, and to confirm the official API URL.
5) Run the script in an isolated environment or review network traffic if you want to observe exactly what is sent/received before giving it any sensitive keys.

Review Dimensions

Purpose & Capability
concern: The name/description say this is a Bocha web-search plugin and the code implements a simple search POST to an external API. That purpose legitimately requires an API key. However, the skill registry metadata lists no required environment variables or config paths, which is inconsistent with the SKILL.md and scripts/search.js that expect BOCHA_API_KEY or a config.json containing apiKey.
Instruction Scope
note: SKILL.md and scripts/search.js keep scope limited to performing web searches against Bocha's API and formatting results. They do instruct the agent/user to set BOCHA_API_KEY via an env var or a config.json. The README doesn't show any instructions to read unrelated files or exfiltrate data. Minor issue: SKILL.md refers generically to editing config.json, but the script reads ../config.json relative to scripts/, which could be confusing when installed or run from other working directories.
Install Mechanism
ok: No install spec; this is instruction + included Node script. Nothing is downloaded or written to disk by an installer. Risk from installation is low.
Credentials
concern: The code requires an API credential (BOCHA_API_KEY or config.json apiKey), which is proportionate to a search API plugin. However, the skill metadata incorrectly declares no required env vars or primary credential. That omission reduces transparency and could mislead users about secret requirements.
Persistence & Privilege
ok: The skill does not request always:true, does not modify other skills, and contains no autonomous persistence behaviors. Default autonomous invocation is allowed but not combined with other privilege escalations.