Back to skill
Skillv1.0.0
ClawScan security
subtitle-refiner · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
SuspiciousMar 9, 2026, 7:06 AM
- Verdict
- suspicious
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill largely does what it says (uses SiliconFlow to refine SRTs and send results to Feishu), but there are notable mismatches and privacy/leakage risks (registry metadata omission of required API key, the runtime prints the full API key and full request/response JSON to stderr, and Feishu auth handling is unclear).
- Guidance
- Before installing or enabling this skill: 1) Treat SILICONFLOW_API_KEY as required despite the top-level registry metadata omission; do not set a production key until you review/modify the code. 2) Inspect scripts/refine.py completely (the visible portion already prints the Bearer token and entire request/response JSON to stderr) — remove or silence any logging that prints the API key or full response bodies. 3) Verify how Feishu file sending is authenticated (the SKILL.md asks for chat_id but provides no Feishu token variable); confirm there is no hidden upload endpoint or unexpected external recipient. 4) Consider running the skill in an isolated environment with a throwaway API key and without sensitive subtitles to observe behavior. 5) Ask the author to fix the manifest inconsistency (declare required env vars) and to stop logging secrets and full user content. If you cannot confirm these fixes, do not provide real API keys or sensitive files to this skill.
Review Dimensions
- Purpose & Capability
- noteThe description, SKILL.md and code all describe using the SiliconFlow LLM to refine SRT files, so requiring SILICONFLOW_API_KEY is coherent with purpose. However the registry metadata at the top (Required env vars: none) contradicts SKILL.md and the code which expect SILICONFLOW_API_KEY — an inconsistency that should be resolved before trusting the skill.
- Instruction Scope
- concernSKILL.md instructs the agent to run scripts/refine.py and to obtain a Feishu chat_id from context and a workspace dir. The script (visible portions) logs full request payloads and the Authorization header (Bearer <API_KEY>) and full response JSON to stderr — this will expose the API key and user's subtitle content in logs. SKILL.md also promises sending files to Feishu but does not declare any Feishu credentials or explain how auth is performed, creating ambiguity about where data and files are sent and what credentials are used.
- Install Mechanism
- okThere is no external installer or remote download; the skill is instruction-only with packaged Python scripts. That reduces installer risk. The skill does rely on Python and the requests library (which may need to be present), but no high-risk install URL or archive extraction is present.
- Credentials
- concernRequiring SILICONFLOW_API_KEY is proportionate to using SiliconFlow. However: (1) the registry metadata omitted that requirement (incoherent declarations); (2) the script prints the API key to stderr (leaks a secret); and (3) the skill sends output to Feishu but does not declare Feishu credentials/environment variables, so it's unclear what credentials the script will use to post files — this ambiguity plus explicit key-leaking is a privacy/security concern.
- Persistence & Privilege
- okThe skill is not set to always:true and does not request system-wide configuration changes. It does include code that will be executed (Python), but it does not request permanent platform privileges in the manifest.