Skillv1.0.0

ClawScan security

Baixing Agent CLI · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

BenignApr 29, 2026, 5:07 AM

Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary: The skill is internally consistent: it documents installing and invoking an npm CLI that talks to Baixing HTTP APIs and does not request unrelated credentials or privileged system access.
Guidance: This skill is coherent with its stated purpose, but it relies on installing a third‑party npm package. Before installing or running it: (1) inspect the package page and source repository if available (owner, README, repo link, recent activity, download counts); (2) prefer running with npx or inside a disposable container/VM rather than globally installing; (3) avoid setting sensitive environment variables unless necessary; (4) set BX_CONFIG_PATH to an isolated path to avoid overwriting existing config; (5) if you need stronger assurance, review the package source code (or request a signed, audited release) to ensure no unexpected postinstall scripts or network exfiltration behavior.

Review Dimensions

Purpose & Capability: okName, description, and runtime instructions all describe installing/using the npm CLI 'baixing' to call Baixing HTTP endpoints. No unrelated binaries, credentials, or config paths are requested in the metadata, and the optional environment variables mentioned in the docs (BX_API_BASE_URL, BX_CONFIG_PATH) are appropriate for this use.
Instruction Scope: noteThe SKILL.md instructs the agent to install and execute an external npm package and to parse stdout/stderr/exit codes according to the CLI contract. This stays within the declared purpose (invoking the Baixing CLI). Note that running arbitrary npm packages and invoking network endpoints is part of the described behavior — the doc does not instruct the agent to read unrelated files or other environment variables.
Install Mechanism: noteThere is no embedded install spec; the skill relies on installing the package from the public npm registry (npm install -g or npx). Using the official npm registry is expected for a CLI, but npm packages may run lifecycle scripts on install or execute arbitrary code at runtime — review the package on npm (owner, README, source repo, download counts) before installing or prefer npx/sandboxed execution.
Credentials: okThe skill does not declare required environment variables or credentials. The SKILL.md documents two optional env vars (BX_API_BASE_URL, BX_CONFIG_PATH) that are reasonable and limited in scope for pointing to alternate API bases or config locations.
Persistence & Privilege: okThe skill is not always-enabled and does not request elevated persistence or modify other skills/settings. Autonomous invocation is allowed by platform default but the skill itself does not request additional persistent privileges.