Skill v1.0.3
ClawScan security
Skill Customs · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Apr 30, 2026, 7:58 AM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill mostly matches its stated purpose (customs/trade data lookups) but contains inconsistencies and some scope creep (contact-sending claims, metadata mismatches) that warrant caution before installing.
- Guidance: Key things to check before installing or giving access:
  1. Confirm the required credential: SKILL.md and clawhub.yaml expect TRADEGPT_API_KEY — the registry summary's 'none' is likely wrong; only provide a scoped API key for YunlvAI, not broader credentials.
  2. Ask the publisher whether '一键触达' (one-click outreach) actually sends messages or merely generates templates. If it sends messages, require explicit documentation of which delivery channels are used and what credentials are needed (SMTP, WhatsApp API, LinkedIn token); do not supply those until you understand governance and opt-in.
  3. Verify data retention and storage: the skill will store queries under ./data/yunlv-skills/customsScout/ — confirm retention, encryption, and whether sensitive contact data is exfiltrated to third parties.
  4. Vendor due diligence: review https://yunlvai.com (privacy, terms, data sources) and consider testing with a limited, non-production API key and non-sensitive queries first.
  5. If you need to allow sending messages, restrict credentials, enable logging/alerts, and perform an audit after the first runs.
  6. Because this is instruction-only (no code files), the platform couldn't static-analyze runtime behavior — monitor network activity during initial use.
Review Dimensions
- Purpose & Capability (concern): The SKILL.md and clawhub.yaml claim the skill uses YunlvAI APIs and requires TRADEGPT_API_KEY (reasonable for a customs-data service). However, the registry summary at the top lists no required env vars or binaries — this inconsistency is unexplained. The skill also promises 'one-click touch' (emails/WhatsApp/LinkedIn), which would normally require additional credentials or integrations that are not declared.
- Instruction Scope (concern): The instructions describe retrieving records, enriching contacts, scoring leads, saving reports under a local path (./data/yunlv-skills/customsScout/) and performing '智能触达' (automatic email/WhatsApp/LinkedIn outreach). The SKILL.md does not include concrete commands, nor does it declare how outbound messaging is performed or which credentials/tools are used. That is scope creep: generating templates is fine, but automatic sending would need additional permissions/credentials which are not documented.
- Install Mechanism (note): There is no install spec or code to run (instruction-only), which lowers risk. However, the manifest and SKILL.md list python3 as a required binary even though no code files are present — this is inconsistent and unexplained (why require python3 if nothing will be installed/run locally?).
- Credentials (note): The skill claims a single primary credential (TRADEGPT_API_KEY) to call YunlvAI APIs, which is proportionate for a data lookup service. But the registry metadata at the top of the package incorrectly lists 'Required env vars: none' while both SKILL.md and clawhub.yaml declare TRADEGPT_API_KEY — this mismatch should be resolved. No other secrets are requested, which is appropriate unless the skill truly performs outbound messaging (in which case SMTP/WhatsApp/LinkedIn tokens would be expected).
- Persistence & Privilege (ok): The skill is not always-enabled and uses default autonomous invocation settings (normal). It indicates storing queries/reports under a local ./data path (self-contained). It does not request system-wide or cross-skill config changes. No 'always: true' or other elevated privileges are present.
