Skill v1.0.0

ClawScan security

微信聊天记录知识卡片提取工具 (WeChat chat-history knowledge-card extraction tool) · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Apr 5, 2026, 12:59 AM
Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary
The skill's code only parses local WeFlow JSON into a markdown card, but the written instructions claim automatic Feishu storage and use of feishu tools without declaring credentials or showing any network/integration code — this mismatch warrants caution.
Guidance
This skill parses local WeFlow JSON into a markdown knowledge card: parse_weflow.py does that and nothing more. SKILL.md, however, promises automatic storage to Feishu through feishu_bitable_app / feishu_create_doc, while the package ships no Feishu integration code and declares no credentials. Before installing or running it:
1) Confirm where Feishu authentication would come from: ask the author for the required environment variables or for an implementation of the Feishu calls.
2) If you plan to upload chat logs to any cloud service, make sure you have the participants' consent and appropriate privacy controls in place.
3) Inspect parse_weflow.py and run it locally on sample data to verify its behavior (it only writes a markdown file).
4) If you need Feishu automation, prefer a version that documents the required tokens and scopes and uses official SDKs or well-known CLIs rather than unspecified feishu_* tools.
5) If you do not intend to send data out, run the script offline and give the agent no credentials.
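One way to carry out steps 1 and 3 without executing the skill, as an added example that is not ClawHub's scanner and not the skill's own code: a static audit that parses every .py file in the package with Python's ast module, records network imports, process execution, environment reads, URLs and secret-looking string literals, and cross-checks the tool names SKILL.md references against what the code actually contains. The two packages it audits are constructed inline as stand-ins (the parse_weflow.py text below is a sketch of what this review describes, not the real file, and the second variant with a Feishu upload is hypothetical); the feishu_ tool-name prefix is an assumed convention passed in as a parameter.

```python
"""Pre-install audit for an agent skill: does the shipped code back up what
SKILL.md claims?  Added example, not ClawHub's scanner or the reviewed skill's
code.  Nothing in the skill is executed; the Python is parsed with `ast` and the
instructions are pattern-scanned.  Sample packages are constructed inline."""
import ast
import re
import tempfile
from pathlib import Path

NETWORK_MODULES = {"socket", "ssl", "http", "urllib", "requests", "httpx",
                   "aiohttp", "ftplib", "smtplib", "websocket", "websockets"}
EXEC_CALLS = {"subprocess.run", "subprocess.Popen", "subprocess.call",
              "subprocess.check_output", "os.system", "os.popen", "os.execv"}
ENV_CALLS = {"os.getenv", "os.environ.get"}
URL_RE = re.compile(r"https?://[^\s'\"]+")
SECRET_RE = re.compile(r"(?i)(app_?secret|access_?token|api_?key|secret_?key)")


def dotted(node):
    """Return 'os.environ.get' for an Attribute chain rooted in a Name, else None."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        parts.append(node.id)
        return ".".join(reversed(parts))
    return None


def audit_python(path: Path) -> dict:
    """Static indicators in one .py file: network imports, process execution,
    environment reads, URLs and secret-looking names in string literals."""
    tree = ast.parse(path.read_text(encoding="utf-8"), filename=str(path))
    f = {"network": [], "exec": [], "env": [], "urls": [], "secrets": []}
    for node in ast.walk(tree):
        mods = ([a.name for a in node.names] if isinstance(node, ast.Import)
                else [node.module or ""] if isinstance(node, ast.ImportFrom) else [])
        for m in mods:
            if m.split(".")[0] in NETWORK_MODULES:
                f["network"].append(f"{path.name}:{node.lineno} import {m}")
        if isinstance(node, ast.Call) and (name := dotted(node.func)):
            if name in EXEC_CALLS:
                f["exec"].append(f"{path.name}:{node.lineno} {name}")
            if name in ENV_CALLS:
                f["env"].append(f"{path.name}:{node.lineno} {name}")
        if isinstance(node, ast.Subscript) and dotted(node.value) == "os.environ":
            f["env"].append(f"{path.name}:{node.lineno} os.environ[...]")
        if isinstance(node, ast.Constant) and isinstance(node.value, str):
            f["urls"] += URL_RE.findall(node.value)
            if SECRET_RE.search(node.value):
                f["secrets"].append(f"{path.name}:{node.lineno} {node.value!r}")
    return f


def audit_skill(skill_dir: Path, tool_prefix: str = "feishu_") -> dict:
    """Cross-check SKILL.md claims against the code.  `tool_prefix` is an
    assumed naming convention for the agent tools the instructions mention."""
    report = {"network": [], "exec": [], "env": [], "urls": [], "secrets": []}
    code_text = ""
    for py in sorted(skill_dir.rglob("*.py")):
        code_text += py.read_text(encoding="utf-8")
        for key, hits in audit_python(py).items():
            report[key] += hits
    instructions = (skill_dir / "SKILL.md").read_text(encoding="utf-8")
    claimed = set(re.findall(rf"\b{re.escape(tool_prefix)}\w+", instructions))
    report["tools_claimed"] = sorted(claimed)
    report["tools_in_code"] = sorted(t for t in claimed if t in code_text)
    # The mismatch this review flags: instructions promise an integration, but
    # the code names no such tool and has no way to reach the network.
    report["undeclared_integration"] = bool(claimed) and not (
        report["tools_in_code"] or report["network"])
    # Code that does reach out yet reads no environment: credentials are
    # either hard-coded or expected to appear from nowhere.
    report["network_without_env"] = bool(report["network"]) and not report["env"]
    return report


# Constructed stand-ins (not the real parse_weflow.py).  PARSER_ONLY mirrors
# what the review describes; WITH_UPLOAD is a hypothetical variant that does
# call Feishu and reads its secret from the environment.
PARSER_ONLY = '''
import json, sys
def main(src, dst):
    msgs = json.load(open(src, encoding="utf-8"))
    with open(dst, "w", encoding="utf-8") as out:
        out.write("# Knowledge card\\n")
        for m in msgs:
            out.write(f"- {m['sender']}: {m['content']}\\n")
'''
WITH_UPLOAD = PARSER_ONLY + '''
import os, requests
def upload(text):
    secret = os.environ["FEISHU_APP_SECRET"]
    requests.post("https://open.feishu.cn/open-apis/docx/v1/documents",
                  headers={"Authorization": f"Bearer {secret}"}, json={"text": text})
'''
INSTRUCTIONS = "Parse the WeFlow JSON, then store the card with feishu_bitable_app or feishu_create_doc.\n"


def build_and_audit(script: str) -> dict:
    """Write a throwaway skill package containing `script` and audit it."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "parse_weflow.py").write_text(script, encoding="utf-8")
        (root / "SKILL.md").write_text(INSTRUCTIONS, encoding="utf-8")
        return audit_skill(root)


if __name__ == "__main__":
    for label, script in (("parser only", PARSER_ONLY), ("with upload", WITH_UPLOAD)):
        r = build_and_audit(script)
        print(label, "->", {k: v for k, v in r.items() if v})
```

Run against a real package, `audit_skill(Path("path/to/skill"))` gives you the list of environment variables the code expects (answering step 1) and a quick "no network imports, no exec calls" confirmation before you run the parser on sample data (step 3). A static pass like this cannot see dynamic imports or obfuscated strings, so treat an empty report as a reason to proceed to a sandboxed run, not as a clean bill of health.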

Review Dimensions

Purpose & Capability
concern: The skill states its purpose is to convert WeFlow JSON into a personal knowledge base and store results in Feishu (Bitable / documents). However, the shipped Python (parse_weflow.py) only reads local JSON and writes a markdown file; it does not implement any Feishu API calls, nor does the manifest declare Feishu credentials, required binaries, or dependencies. Expectation: Feishu integration would normally require API tokens/SDKs or a CLI; those are not requested or provided, which is an incoherence between claimed purpose and actual capability.
Instruction Scope
note: SKILL.md instructs the agent to read WeFlow JSON files (e.g., cat /path/to/weflow_export/*.json) and to use tools referenced as feishu_bitable_app or feishu_create_doc to store results. Reading local chat-export files is consistent with the stated purpose, but the references to feishu_* tools are vague and unsatisfied by code. The instructions do not ask the agent to read unrelated system files or secrets, which is good, but they leave unspecified where Feishu credentials should come from.
Install Mechanism
ok: No install spec is provided (instruction-only with a small helper script). Nothing is downloaded or written to the system beyond using the included parse_weflow.py. This is low-risk from an installation perspective.
Credentials
concern: No environment variables, credentials, or config paths are declared, yet the skill explicitly describes storing data into Feishu. Feishu access normally requires API tokens/credentials (e.g., app_id/app_secret, access token). The absence of any declared required credentials or guidance about where they come from is a mismatch and could lead to accidental exposure (if an agent tries to reuse unrelated credentials) or silent failure. Additionally, the skill processes sensitive personal data (WeChat messages); storing or transmitting that data requires explicit auth and privacy controls, which are not described.
Persistence & Privilege
ok: Flags show always:false and user-invocable:true; the skill does not request permanent presence or elevated platform privileges, and it does not attempt to modify other skills or system-wide settings. Autonomous invocation is allowed (default) but not combined with other red flags here.