uctoo-api-skill
Security checks across static analysis, malware telemetry, and agentic risk
Overview
The skill matches its stated UCTOO API purpose, but it can directly use authenticated API access to create, edit, or delete backend records without clear confirmation safeguards.
Review this skill carefully before installing if your UCTOO backend contains important user, product, order, or business data. It appears purpose-aligned, but you should only use it with accounts whose API permissions you trust, and you should insist on confirmation before any create, update, delete, bulk, or force-delete request.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
An interpreted natural-language request could change or delete UCTOO backend records under the logged-in account.
The skill directs the agent to use a generic HTTP tool for real backend calls, including create, edit, and delete endpoints, but does not require explicit user confirmation or a preview before mutating data.
“当用户请求 uctoo 相关的 API 操作时,你必须...直接调用 `http_request` 工具发起 HTTP 请求” ... “`/api/uctoo/entity/add` ... `/api/uctoo/entity/edit` ... `/api/uctoo/entity/del`”
Add mandatory confirmation for add/edit/delete operations, show the exact endpoint and JSON body before sending, and restrict supported endpoints/tables to a documented allowlist.
After login, the agent can make authenticated UCTOO API calls as that user for the session.
The skill uses user login credentials and then reuses the resulting access token for later API calls. This is purpose-aligned, but it is sensitive delegated account authority.
“自动保存:当登录接口返回 `access_token` 时,系统会自动保存到会话中” and “后续请求会自动在 headers 中添加 `Authorization: Bearer {token}`”Only log in with an intended account, avoid sharing unnecessary credentials in chat, and ensure the publisher clearly declares credential/session-token handling and cleanup behavior.
A wrong bulk or force-delete request could affect multiple backend records rather than just one.
The referenced API supports force deletion and bulk deletion. This is documented API behavior, but if exposed without confirmation it can amplify the effect of a mistaken request.
“删除接口...如需真删除,body中增加force参数设置为1...支持多条数据删除,body中以ids参数传删除数据的多条主键数组”
Require explicit confirmation and record counts for bulk or force operations, and default to the safest non-destructive behavior.