Skillv1.0.0

ClawScan security

SZZG007 Web Deep Research · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousApr 14, 2026, 8:32 AM

Verdict: suspicious
Confidence: high
Model: gpt-5-mini
Summary: The skill's documentation claims cross‑platform web research but the package is instruction‑only and its declared requirements (API keys, local scripts, workspace paths) are missing from the registry metadata — the pieces don't add up and could lead to unexpected data collection or requests for credentials.
Guidance: Do not install or supply API keys yet. Ask the publisher for: (1) the full source or packaged code (those referenced Python scripts and templates), (2) an explicit list of required credentials and why each is needed, (3) how personal data (background checks) is collected, stored, and retained (privacy/legality), and (4) whether the agent will fetch code from external URLs at runtime and what those URLs are. If you must test, avoid providing high‑privilege credentials (e.g., social media tokens or company secrets) until these questions are answered and you can review the code or a trusted release. If the author cannot supply the missing code and a clear data‑handling policy, treat the skill as untrusted.

Review Dimensions

Purpose & Capability: concernThe skill claims automated deep research across 17+ platforms (Twitter/X, YouTube, Amazon, Weibo, etc.), which normally requires platform-specific credentials or scraping code. The registry metadata lists no required environment variables or binaries, yet SKILL.md explicitly names TAVILY_API_KEY and AGENT_REACH_API_KEY and references platform-specific scripts. This mismatch (documentation asking for API keys while package declares none) is incoherent.
Instruction Scope: concernThe SKILL.md instructs the agent to perform background checks (including decision‑maker background), aggregate social media and platform data, and shows example inputs like an email address for '背调'. It also references local scripts (research.py, twitter.py, reddit.py) and a cache path. Because the package contains no code, it's unclear how these actions are implemented; the instructions enable potentially sensitive data collection (people background checks) without specifying limits, retention, or where results are sent.
Install Mechanism: noteThere is no install spec (instruction-only), which is lower risk in that nothing is written by an installer. However, SKILL.md describes a workspace with Python scripts that are not present in the package. That inconsistency could lead the agent to attempt to fetch or generate code at runtime or to fail — users should confirm whether supporting code will be provided and from what source.
Credentials: concernThe skill's registry metadata lists no required env vars, but the SKILL.md lists TAVILY_API_KEY and AGENT_REACH_API_KEY (plus configurable concurrency and language). Requesting API keys for search/social APIs is plausible, but the metadata omission is a mismatch. Also, many target platforms (Twitter/X, YouTube, Alibaba, Amazon, Chinese platforms) commonly require additional credentials or scraping capabilities that are not declared — this is disproportionate/unclear.
Persistence & Privilege: okalways is false and autonomous invocation is allowed (the platform default). The skill does not request system-wide configuration changes or permanent presence beyond typical workspace paths. No explicit privilege escalation or cross-skill modifications are declared.