Skill v1.0.0
ClawScan security
Reddit VOC Lobster Pro · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Mar 6, 2026, 8:45 AM
- Verdict: suspicious
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill claims to auto-scrape Reddit and publish reports to your Cloudflare account, but its files contain hardcoded Cloudflare and Feishu tokens, mismatched declared requirements, and behavior that could publish or leak data to the author's services — review before use.
- Guidance: This skill is internally inconsistent and carries data-leak risk. Specific things to consider before installing: (1) The Python code contains hardcoded Cloudflare and Feishu tokens — do NOT trust those; they may publish your reports to the author's accounts or send collected data to their Feishu workspace. (2) The skill advertises Reddit scraping but the code uses mocked data; ask the author for the real scraper implementation. (3) If you test it, never run it with your real CLOUDFLARE_API_TOKEN or other production credentials; instead audit and replace embedded tokens with your own limited-scope tokens, or run in an isolated environment with network blocked. (4) Request source provenance (who maintains it) and remove embedded secrets before use. (5) If you want this functionality, prefer a version that: implements transparent Reddit API usage (or documents how data is fetched), has no embedded tokens, documents required env vars in registry metadata, and requires you to explicitly supply your deployment credentials at runtime.
Review Dimensions
- Purpose & Capability (concern): The README/description claims automated Reddit scraping and Cloudflare Pages deployment. The included Python file does construct and deploy a report, but it does NOT actually implement real Reddit scraping (step1 returns static/mock data). The SKILL.md lists dependencies (apify, wrangler) but the registry metadata declares no required env vars — inconsistent. The presence of hardcoded CLOUDFLARE and Feishu-related tokens in code is not justified by the stated purpose and suggests the author intends to reuse their own accounts.
- Instruction Scope (concern): SKILL.md instructs the agent to deploy reports and mentions CLOUDFLARE_API_TOKEN and CLOUDFLARE_ACCOUNT_ID, but the registry shows none required. The code writes HTML locally and runs 'wrangler pages deploy' with env vars (potentially publishing data externally). It also contains a Feishu/Bitable record URL and a hardcoded BITABLE_APP_TOKEN/TABLE_ID and prints a Feishu link — indicating the skill may (or is intended to) transmit collected data to the author's Feishu workspace. The script's comments reference 'OpenClaw 注入授权' (roughly "OpenClaw injected authorization") and suggest the agent should use external tools, giving broad discretion to contact external endpoints.
- Install Mechanism (note): No install spec (instruction-only plus a code file). SKILL.md lists apify and wrangler as dependencies but nothing is installed automatically. Lack of a controlled install is lower risk than pulling arbitrary archives, but the runtime relies on the 'wrangler' CLI being present and on network access for deployment.
- Credentials (concern): The skill requires Cloudflare deployment credentials to function, which is reasonable for deploying to your account — but the registry metadata claims no required env vars while SKILL.md names CLOUDFLARE_API_TOKEN and CLOUDFLARE_ACCOUNT_ID. Worse: the code contains hardcoded default values for CF_ACCOUNT_ID and CF_API_TOKEN and hardcoded BITABLE_APP_TOKEN and BITABLE_TABLE_ID (secrets embedded), which is disproportionate and risky because it effectively makes the skill use the author's accounts if you don't override them. Embedded external-service tokens are a high-risk signal for unintended data exfiltration or use of third-party accounts.
- Persistence & Privilege (note): 'always' is false and there is no install-time modification of other skills or system-wide settings. The skill will invoke networked CLIs (wrangler) and can run subprocesses, which is expected for deployment tasks. The combination of autonomous invocation (default) plus embedded credentials increases blast radius, but autonomous invocation alone is not being flagged.
