Skillv1.0.3

ClawScan security

Skill Guangjiao · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousApr 30, 2026, 7:58 AM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary: The skill’s stated purpose (Canton Fair lead discovery) largely matches its instructions, but there are inconsistencies in declared requirements and several operational claims (local-only processing, automatic deletion, safe handling of API keys, outbound messaging) that are not verifiable in this instruction-only package.
Guidance: This skill appears to do what it says (mine Canton Fair exhibitor leads via YunlvAI), but there are inconsistencies and unverifiable claims you should check before installing: 1) Confirm whether the skill truly requires TRADEGPT_API_KEY and python3 — resolve the conflicting metadata. 2) Ask the publisher how outbound messages (email/WhatsApp) are sent and what additional credentials or platform permissions will be requested at runtime. 3) Don't assume the privacy guarantees (no key logging, 7-day cleanup) are technically enforced—ask how data retention and logging are implemented and audited. 4) Verify the api.yunlvai.com endpoint and the publisher (yunlvai.com) are legitimate before providing API credentials. If you proceed, consider using a scoped/test API key and restrict any outgoing-message credentials until you confirm behaviour in a controlled test.

Review Dimensions

Purpose & Capability: noteSKILL.md and clawhub.yaml say the skill calls the 云旅AI MatchGPT API and require TRADEGPT_API_KEY and python3 — which fits a lead‑enrichment tool. However the registry summary at the top of the provided metadata lists no required env vars or binaries, creating an inconsistency about what credentials and runtime are actually needed. Also python3 is declared required despite this being an instruction-only skill with no code files.
Instruction Scope: concernInstructions direct the agent to call an external API (api.yunlvai.com), read the included reference files, and write/read local data under ./data/yunlv-skills/guangjiaoFAI — all coherent with the purpose. But the skill also describes automatic contact enrichment, outbound email/WhatsApp sending, and strong privacy guarantees (no API key logging, 7-day cleanup). Because there is no code, those behaviors are aspirational guidance rather than enforced behavior. The skill does not enumerate how outbound messaging will be performed or which additional credentials (SMTP/WhatsApp API tokens) it would request, creating ambiguity and risk of unexpected requests for sensitive credentials at runtime.
Install Mechanism: noteThere is no install spec and no code files — lowest risk for installation. The declared requirement of python3 in metadata is surprising for an instruction-only skill and may be unnecessary; it is a minor inconsistency but not an install-time risk.
Credentials: noteThe skill’s primary credential (TRADEGPT_API_KEY) is appropriate for the documented external API use. No other secrets are declared. The inconsistency between the registry summary (which listed no required env vars) and the included SKILL.md/clawhub.yaml (which do require TRADEGPT_API_KEY) is concerning and should be resolved before use. There is no explicit declaration of SMTP/WhatsApp credentials even though the skill describes sending messages — expect the agent/platform to request additional credentials if it implements automated outbound messaging.
Persistence & Privilege: okalways is false and the skill is user-invocable; it requests to read/write only under a skill-specific path (./data/yunlv-skills/guangjiaoFAI/) and reference files under ./skills/yunlv-skills/references/. That scope is proportional. The claimed automatic data deletion and logging rules are policies in the doc but not enforceable in an instruction-only skill.