Skill v1.0.2

ClawScan security

Byteplan Chat · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Review · Mar 13, 2026, 4:59 AM
Verdict: Review
Confidence: high
Model: gpt-5-mini
Summary
The skill generally matches its stated goal (call BytePlan AI and render charts), but the package metadata claims no required credentials while the code and docs clearly expect and load multiple sensitive environment variables and print full API responses — an incoherence that warrants caution.
Guidance
This skill appears to implement BytePlan integration and chart rendering, but its published metadata incorrectly states it requires no environment variables while the code expects multiple sensitive values (API auth user/pass, login username/password). Before installing: (1) treat any .env you create as sensitive — do not put real production credentials there; prefer a limited-scope or read-only test account. (2) Review main.py lines that log entire API responses (these can contain tokens) and remove or redact verbose prints. (3) Verify the BASE_URL is the intended endpoint (default points at a UAT host) and ensure HTTPS is used. (4) Run the skill in an isolated environment (VM or container) and inspect network traffic if possible. (5) If you will use real credentials, consider adding token caching with secure storage and avoid writing tokens to logs. Finally, ask the publisher to correct the registry metadata to list required env vars and to document what fields the API responses contain so you can judge logging exposure.

Review Dimensions

Purpose & Capability
ok: Name/description (BytePlan chart generation) matches the code and docs: the code calls BytePlan endpoints, obtains a public key, logs in, calls AI endpoints, and renders charts with matplotlib. The requested network access and crypto usage are consistent with that purpose.
Instruction Scope
concern: SKILL.md and main.py instruct reading a local .env and performing login flows, RSA-encrypting the user password, calling BytePlan AI APIs, and printing '完整的 API 响应' to console. Printing entire API responses risks exposing sensitive tokens/credentials in logs; instructions also recommend creating a .env with passwords. The runtime instructions do not ask for unrelated system files, but they are permissive about logging sensitive data.
Install Mechanism
ok: No download-from-URL install step; dependencies are standard Python packages installed via pip in a virtualenv. No installer pulls arbitrary archives or executes remote code during install. This is low-risk compared with download-style installs.
Credentials
concern: Registry metadata lists no required env vars/credentials, but SKILL.md, .env, main.py, and README expect multiple sensitive values (BYTEPLAN_BASE_URL, BYTEPLAN_AUTH_USER, BYTEPLAN_AUTH_PASS, BYTEPLAN_USERNAME, BYTEPLAN_PASSWORD, etc.). That mismatch is an incoherence: the skill will read and require credentials despite metadata claiming none. The credentials requested are relevant to the stated BytePlan integration, but the metadata omission and the code's verbose logging of API responses increase risk of accidental credential exposure.
Persistence & Privilege
ok: The skill is not marked always:true and does not request system-wide configuration changes. It reads its own .env and does not attempt to modify other skills or agent-wide settings. Autonomous invocation is allowed by platform default (not flagged by itself).