Skill v1.0.0
ClawScan security
Support Template Multilang Sync · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Apr 8, 2026, 7:29 PM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's behavior (sync to Feishu, create GitHub issues, publish to ClawHub) matches its description, but the package metadata omits the sensitive credentials the instructions and reference files say are required — an incoherence that could lead to unintended credential access or surprises.
- Guidance: This skill appears to do what it claims (edit templates, sync to Feishu, open a GitHub issue, and optionally publish to ClawHub), but the package metadata omits the credentials it actually needs. Before installing or granting access:
  1. Treat FEISHU_*, GITHUB_TOKEN, and CLAWHUB_API_KEY as sensitive; only provide least-privilege tokens (scoped, short-lived if possible).
  2. Confirm the skill's source/trustworthiness since the registry 'source' and homepage are missing.
  3. If you run the packaging/publish steps, run them manually rather than letting an agent do them autonomously.
  4. Review and test the included script locally — it will read whatever file path you pass, so avoid passing sensitive system paths.
  5. Ask the publisher to update registry metadata to list required env vars and to document exactly which endpoints and token scopes are used; absence of that information is the primary incoherence here.
Review Dimensions
- Purpose & Capability (note): The declared purpose (edit markdown templates, sync to Feishu, log in GitHub, package for ClawHub) aligns with the instructions and the helper script. Requesting Feishu, GitHub, and ClawHub credentials is proportionate to the stated functionality — but the registry metadata says no env vars/credentials are required, which is inconsistent and misleading.
- Instruction Scope (concern): SKILL.md explicitly instructs reading and modifying local markdown files and syncing them to external services (Feishu, GitHub, ClawHub). That scope is appropriate for the described task, but the instructions require access to credentials and to run packaging/publish commands when 'credentials are available' — giving an agent discretion to perform networked actions. The skill's instructions do not attempt to read unrelated system files, but the included script will read any file path passed to it, so if invoked with a malicious path it could expose other local files.
- Install Mechanism (ok): Instruction-only skill with one small helper script and no install spec; nothing is downloaded or written by an installer. Low install risk.
- Credentials (concern): The SKILL.md and references list several sensitive environment variables (FEISHU_ACCESS_TOKEN or FEISHU_APP_ID+FEISHU_APP_SECRET, FEISHU_WIKI_SPACE_ID, FEISHU_SUPPORT_TICKETS_NODE_ID, GITHUB_TOKEN, GITHUB_REPO, CLAWHUB_API_KEY). Those are reasonable for the declared networked operations, but the skill metadata in the registry declares no required env vars or primary credential — this mismatch is problematic because users (and automated permission reviewers) may not be warned that installing/using the skill will require or use these secrets.
- Persistence & Privilege (ok): always:false (normal). The skill does not request persistent or system-wide privileges, does not modify other skills' config, and is not auto-forced into all agents. The risk is that the agent could perform networked operations using provided credentials when invoked.
