Skill v1.0.0

ClawScan security

Daily Antifraud Report · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Mar 19, 2026, 4:28 AM
Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary
The skill's stated purpose (generate daily Chinese anti-fraud briefings) is plausible, but its instructions mention collecting from WeChat public accounts and pushing results to Feishu while the package only includes a simple Baidu-scraping script and declares no credentials or integration details — this mismatch is suspicious.
Guidance
This skill's goal (daily Chinese anti-fraud brief) is reasonable, but there are important gaps and ambiguities: it mentions scraping WeChat public accounts and pushing reports to Feishu but supplies only a simple Baidu-scraping shell script and declares no credentials. Before installing, ask the publisher to: (1) explain how Feishu posting will be authenticated and add explicit env var names (e.g., FEISHU_TOKEN) if needed; (2) clarify how 微信公众号 content will be accessed (API vs scraping) and provide code or required credentials; (3) add robust scraping/parsing (and rate-limiting and robots.txt/legal checks) rather than brittle HTML greps; (4) fix portability issues (grep -P dependency) or implement a more portable parser. Do not provide production credentials or secrets until integrations and required env vars are explicit and reviewed. If you plan to run it, test in an isolated environment and monitor outbound network activity.

Review Dimensions

Purpose & Capability
concern: The SKILL.md says to gather detailed items from sources including 中国新闻网, 人民银行网站, 百度, 知乎, 以及微信公众号 and then push the report to 飞书. The only shipped code is a simple Baidu HTML-scraping script (scripts/search_cn.sh). There is no code or declared env vars to read WeChat public account content or to authenticate/post to Feishu, so required capabilities for the stated workflow are missing.
Instruction Scope
concern: Instructions ask the agent to collect detailed case-level data (times, modus operandi, bank names, amounts) and to push results to Feishu. The SKILL.md grants broad discretion about sources (including 微信公众号) but provides no safe, authenticated mechanisms. The included script only performs an unauthenticated Baidu search and then extracts links/titles; it does not implement the richer data collection or the Feishu push described.
Install Mechanism
ok: No install spec — instruction-only with a small helper script. This is low-risk from an install perspective. Minor portability note: the script uses grep -oP (Perl regex) which is not available in all environments and may fail on some systems.
Credentials
concern: SKILL.md references pushing to Feishu and reading WeChat public accounts, which normally require tokens or API credentials, yet requires.env and primary credential fields are empty. The absence of declared env vars for Feishu/WeChat is an incoherence: either the skill expects credentials to be provided ad-hoc (risk of ad hoc secret entry) or the integration is missing.
Persistence & Privilege
ok: always is false and there are no install scripts or config writes. Autonomous invocation is allowed (platform default) but there is no requested persistent privilege. No evidence the skill modifies other skills or system settings.