Skill v0.2.3
ClawScan security
SJTU SLURM Skill · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Apr 28, 2026, 7:32 AM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's files, runtime instructions, and network endpoints are consistent with a helper for SJTU's HPC (交我算): it requests and manages an HPC bearer token and SSH certificate, stores them in the agent workspace, and calls the SJTU API — nothing in the package requests unrelated credentials or contacts unexpected endpoints.
- Guidance: This skill appears to do what it claims (obtain an HPC token, create SSH keys/certs, and call the SJTU HPC API). Before installing or using it:
  1) Only use on a private, trusted machine — the skill stores tokens and private keys under ~/.openclaw/workspace/.../credentials.
  2) Do not paste your HPC password into chat; follow the skill's advice to upload a one-time text file if needed (and verify it is deleted).
  3) Verify the API endpoint (https://api.hpc.sjtu.edu.cn) and repository ownership yourself if unsure.
  4) If you stop using the skill, revoke the token/certificates via the HPC account.
  5) If you need higher assurance, review the three included scripts yourself to confirm no other network endpoints or telemetry are used (they currently only contact the SJTU API).
Review Dimensions
- Purpose & Capability (ok): The name/description claim to log into SJTU HPC, manage jobs, and perform data operations; the included scripts request/refresh tokens, generate SSH keys/certificates, and call https://api.hpc.sjtu.edu.cn — these are exactly the operations needed for the stated purpose.
- Instruction Scope (note): SKILL.md and the scripts operate only on the agent workspace credentials directory and the SJTU HPC API. A notable point: the skill instructs the agent to ask the user for their HPC username/password (and suggests uploading a text file as a safer alternative) — handling passwords is sensitive but necessary for this flow. The instructions explicitly caution against sending plaintext passwords in chat and advise local storage in the workspace; that scope is appropriate but requires the user to follow the guidance (do not paste passwords into chat, keep workspace private).
- Install Mechanism (ok): There is no automated install step. This is an instruction-only skill with three small Python helper scripts included. No remote downloads, package installs, or archive extraction are performed by an install spec.
- Credentials (ok): The skill requests no environment variables or unrelated credentials. It legitimately requires the user's HPC username/password (to obtain a token) and then stores a token and SSH key/certificate in the workspace; those are proportional to the described functionality.
- Persistence & Privilege (ok): The skill does not request always: true, does not modify other skills, and only writes credentials to its own workspace/credentials path. Autonomous invocation is allowed (platform default) but not combined with unusual privileges.
