v0.1.0

Zeelin Social Watch

Review

ClawScan verdict for this skill. Analyzed May 1, 2026, 6:34 AM.

Analysis

Zeelin Social Watch is mostly a purpose-aligned GSData social-monitoring adapter, but it should be reviewed because it defaults to a plain-HTTP authenticated API endpoint and exposes a broad raw API path.

Guidance: Review this skill before installing. If you proceed, use dedicated least-privileged GSData keys, prefer or configure an HTTPS endpoint if GSData supports one, avoid gsdata_raw unless you have reviewed the exact endpoint, and only approve write actions after checking the route and parameters.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: Medium | Confidence: High | Status: Concern
gsdata_adapter.py
tools.add("gsdata_raw") ... if tool == "gsdata_raw": ... return path

The adapter exposes a raw mode that accepts an explicit API path instead of limiting calls to the curated tool/action/platform routing.

User impact: The agent could be directed to call GSData endpoints outside the documented workflows, including endpoints the user did not expect to make available.
Recommendation: Disable or avoid gsdata_raw unless the exact path, parameters, and impact have been reviewed and explicitly approved.

Agentic Supply Chain Vulnerabilities
Severity: Info | Confidence: High | Status: Note
SKILL.md
If a module cannot be found, you may need to run `pip install requests` once.

The setup guidance depends on a user-run, unpinned package installation outside a formal install specification.

User impact: Installing packages can change the local Python environment, and the artifact does not pin the exact dependency version.
Recommendation: Install dependencies from a trusted package index in a controlled environment, and consider pinning or verifying the requests package version.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: Low | Confidence: High | Status: Note
SKILL.md
Authentication is handled via the `GSDATA_APP_KEY` and `GSDATA_APP_SECRET` environment variables. ... For write-like actions, require `--allow-write`.

The skill uses delegated GSData credentials and documents write-capable operations with an explicit confirmation and allow-write requirement.

User impact: Installing the skill gives the agent access to the GSData account associated with those keys, and confirmed write actions can change GSData account configuration.
Recommendation: Use least-privileged GSData credentials, keep secrets out of chat, and confirm write actions only after reviewing the route and parameters.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Insecure Inter-Agent Communication
Severity: High | Confidence: High | Status: Concern
gsdata_adapter.py
DEFAULT_BASE_URL = "http://databus.gsdata.cn:8888/api/service" ... return base64.b64encode(f"{app_key}:{sign}:{router}".encode("utf-8"))

The adapter defaults to a non-HTTPS GSData provider endpoint while constructing an authenticated access token from the app key, request signature, and route.

User impact: Authenticated request metadata, query parameters, and API responses could be observed or tampered with on the network if the default HTTP endpoint is used.
Recommendation: Use an HTTPS GSData endpoint if available; otherwise use dedicated least-privileged keys on a trusted network and rotate keys after use.