Skill v0.1.2
ClawScan security
发票查验 (Invoice Verification) · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Apr 30, 2026, 6:15 AM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill generally matches an invoice-verification purpose but includes device fingerprinting, collects MAC addresses, and defaults to calling an opaque third‑party API host — behaviors that are disproportionate or unexplained and warrant caution.
- Guidance: This skill mostly does what it says (verifies invoices) but the bundled Node script collects host-level identifiers (hostname, username, MAC addresses), derives a stable device fingerprint, writes files into ~/.openclaw, and sends data to a default third-party API host (https://51yzt.cn/assetInnovate). Before installing, consider:
  1) Do you trust the remote service and its privacy policy? The README/SKILL.md does not disclose what exact data is sent.
  2) If you must use it, open and review scripts/invoice_service.js to see exactly what is uploaded (images, invoice text, device identifiers).
  3) Prefer a verified vendor or an implementation that documents data handling and uses a known API domain.
  4) If you are uncomfortable, avoid granting access to local folders or uploading real invoices; test with dummy data in a sandbox.
  If you want higher assurance, ask the author for: the service privacy policy, a reputable homepage/source repository, and an explanation why device fingerprints and MAC addresses are needed and how they are used/stored.
Review Dimensions
- Purpose & Capability (note): Name/description (invoice verification) align with having a node helper that uploads invoice images/text to a remote verification service. However the script collects system identifiers (hostname, username, MAC addresses) and persists identity/config locally — collecting MACs and generating stable device fingerprints is not obviously required for basic invoice verification and is therefore unexpected.
- Instruction Scope (concern): SKILL.md instructs installation and initialization and supports local paths/uploads for images (expected). But the runtime script (included) reads local files, writes persistent config under ~/.openclaw/invoice-skill, and constructs a device fingerprint from host metadata and MAC addresses. The instructions do not disclose that the skill will gather system-level identifiers or upload files to a remote service, which is scope creep and a privacy concern.
- Install Mechanism (ok): No automated install spec is provided (instruction-only), so nothing arbitrary is downloaded during install. The skill requires node to run the included script — this is reasonable for a JS helper. (Risk remains because the script will be executed locally.)
- Credentials (concern): The skill declares no required env vars, but the code reads several environment values (e.g., INVOICE_API_BASE_URL, OPENCLAW_DEVICE_FINGERPRINT, OPENCLAW_CLIENT_INSTANCE_ID) and will default to a hard-coded API base URL (https://51yzt.cn/assetInnovate). Requesting or deriving persistent IDs and reading network interfaces (MACs) is disproportionate to the stated feature set and raises privacy/credential-exposure concerns. No API keys are declared in metadata although the code supports an appKey and Authorization header.
- Persistence & Privilege (concern): The script creates and writes persistent files under the user's home (~/.openclaw/invoice-skill/config.json and identity.json) and derives a stable device fingerprint and client instance id. While local persistence for config is plausible, persistent device fingerprinting and potential storage of appKey without clear user consent are noteworthy. The skill is not always:true, but it does establish persistent identifiers and stored config which persist beyond a single invocation.
