Skill v1.0.0
ClawScan security
v2ex · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Feb 17, 2026, 5:10 AM
- Verdict: suspicious
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's instructions clearly require a V2EX Personal Access Token, but the registry metadata does not declare any required credentials or config — an inconsistency that should be resolved before use.
- Guidance: This skill appears to be a straightforward V2EX API helper, but the package metadata omits the fact that a Personal Access Token is required. Before installing: 1) Verify the skill's source/homepage or contact the publisher to confirm origin and intent. 2) Confirm how you will supply the token to the platform (an environment variable such as V2EX_TOKEN is suggested by SKILL.md) and that the platform will treat it as a secret. 3) Use a least-privilege, rotatable token and avoid pasting the token into chat or non-secret storage. 4) Ask the publisher to update the registry metadata to declare the required credential so the platform and users can make an informed decision. If you cannot verify the source or ensure secret handling, do not provide your token.
Review Dimensions
- Purpose & Capability (concern): The skill's name, description, and SKILL.md all describe a V2EX API integration, and the described endpoints match that purpose. However, the metadata declares no required environment variables or primary credential, while the runtime instructions and examples explicitly require a Personal Access Token (e.g., V2EX_TOKEN). That mismatch is unexplained and notable.
- Instruction Scope (ok): The SKILL.md instructions stay within the expected scope of a forum API integration (curl examples, endpoints, pagination, rate-limit guidance, and a sample Python client). They do not instruct reading unrelated system files or contacting unexpected endpoints. They do, however, instruct the use of a bearer token stored in an environment variable even though the registry metadata omits that requirement.
- Install Mechanism (ok): This is an instruction-only skill with no install spec and no code files shipped in the package, which minimizes installation risk (nothing is downloaded or written to disk by the skill itself).
- Credentials (concern): The skill legitimately requires a Personal Access Token to call protected V2EX endpoints; that is proportionate to the stated purpose. The concern is that the registry metadata does not declare any required env vars or a primary credential. Without metadata declaring the token, users and platforms may not recognize the secret requirement and may mishandle token provisioning or permissioning.
- Persistence & Privilege (ok): The skill does not request persistent/always-on presence (always:false) and does not claim to modify other skills or system-wide settings. Autonomous invocation is allowed by default but is not combined with other high-risk factors here.
