Skill v1.0.4

ClawScan security

DeepTrip · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Apr 12, 2026, 2:37 AM
Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary
The skill's code, instructions, and network calls align with a travel assistant that talks to deeptrip.ly.com; nothing requested is disproportionate to that purpose, though the script writes a local config file and changes directory permissions (see details).
Guidance
This skill appears to be what it says: a travel assistant that calls deeptrip.ly.com. Before installing, consider: 1) The helper script stores any API key you provide in a config.json located in the skill directory (not your home), and the script will change the directory permissions to 700 and the file to 600 — review if that behavior fits your environment. 2) The SKILL.md instructs you to ask users to scan a WeChat login link for smoother booking flows; that is an external authentication step — verify the URL and only enter credentials on sites you trust. 3) No environment secrets are requested by the skill itself, but if you supply an API key, treat it like any other secret. If you need greater assurance, ask the publisher for a homepage or a signed release and consider running the script in an isolated environment first.

Review Dimensions

Purpose & Capability
ok: Name/description, provided script, and the documented API endpoint (https://dtgw.ly.com/deeptrip/claw/chat) are consistent with a travel assistant (hotel/flight/sights). No unrelated credentials, binaries, or installs are requested.
Instruction Scope
note: Instructions are narrowly scoped to using the included script or calling the declared API. They also instruct the skill/operator to prompt users to open a WeChat login link (for product jump/booking). That login prompt is relevant to booking flows but is an external action the user must trust; the SKILL.md also shows how to store and read an API key from a local config file.
Install Mechanism
ok: No install spec or remote downloads. The skill is instruction-only with a small helper script included, so nothing arbitrary is fetched or extracted during install.
Credentials
ok: The skill does not request environment variables, secrets, or system config paths. It optionally stores an API key in a local config.json file (user-supplied), which is a proportionate requirement for calling the service.
Persistence & Privilege
note: always:false and no elevated privileges. The included script writes a config.json into the skill directory and sets permissions: it sets the skill directory to mode 700 and config.json to 600; clearing config may attempt to remove the directory if empty. These filesystem actions are limited in scope but may be surprising — they change permissions on the skill directory rather than storing config in the user home directory.