Skill v1.0.7

ClawScan security

腾讯会议 (Tencent Meeting) · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Reviewed: Apr 23, 2026, 11:41 AM
Verdict: Review
Confidence: medium
Model: gpt-5-mini
Summary

The skill mostly matches its stated purpose (a Tencent Meeting MCP integration) and needs only the meeting token and python3. There are, however, inconsistencies between the runtime rules in SKILL.md and the shipped code (notably around error handling and _client_info behavior) that look like sloppy engineering and should be reviewed before the skill is trusted.

Guidance

What to check before installing:

1) The skill requires your TENCENT_MEETING_TOKEN. Install it only if you trust the skill author and understand which account the token controls; limit the token's scope if the service allows it.
2) SKILL.md requires consulting the error_dictionary before showing errors, but the bundled script prints server error messages directly. This mismatch can expose raw error data to users. If you need strict error masking or handling, review and update the scripts to implement the documented behavior.
3) The tool sends non-sensitive system metadata (OS/distribution) as part of each request. If that is a concern, run the skill in an isolated environment or modify the code to omit or alter _client_info.
4) Review the included scripts (tencent_meeting.py, mcp_proxy.py, utils.py) yourself, or have a trusted developer check them. They make network calls only to the MCP baseUrl in config.json (https://mcp.meeting.tencent.com) and send the provided token in request headers.
5) If you lack confidence in the author, run the skill in a sandboxed environment or prefer an official Tencent-provided integration.

For a lower-risk acceptance, ask the publisher to fix the documentation/code mismatches (error handling and automatic _client_info population) and to provide provenance for the package.

Review Dimensions

Purpose & Capability: ok
Name/description, the required binary (python3), the baseUrl, and the single required env var (TENCENT_MEETING_TOKEN) align with a Tencent Meeting MCP integration. The code talks only to the MCP base URL in config.json and sends the provided token in headers, which matches the declared purpose.

Instruction Scope: concern
SKILL.md contains strict runtime rules: the agent must consult references/error_dictionary.md and must not expose raw errors, and every request must carry _client_info, which the model is expected to auto-fill. The shipped tencent_meeting.py does not consult the error dictionary (it prints server error messages directly), and it only replaces the os field when _client_info is already present; it does not add a missing _client_info block. This is an internal inconsistency: the documentation promises stricter behavior than the code enforces, so raw server errors may be surfaced and client-info handling may be skipped at runtime.

Install Mechanism: ok
There is no external install or download step; the code ships in the skill bundle and runs with python3. No remote archives, installers, or third-party package pulls are used at install time, which minimizes supply-chain risk.

Credentials: note
The skill requests a single credential, TENCENT_MEETING_TOKEN, which is expected for this service. The code also reads local system information (platform/version, and /etc/os-release on Linux) to populate _client_info.os and sends it with each request. This is consistent with SKILL.md, but it does expose OS/distribution metadata to the MCP endpoint (not a secret, but still system-identifying).

Persistence & Privilege: ok
always: false is set, and there are no requests to modify other skills or the global agent config. The skill does not request a permanent elevated presence; it runs as an invoked python tool using the provided env var.
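The two mismatches above, and guidance items 2 to 4, can be closed in code. The block below is an added example and is not the skill's own code or anything ClawHub ships: it maps server errors to dictionary text so the raw message is never shown, always attaches _client_info (adding the block when it is missing, with an option to omit or fix the OS string), and checks that config.json's baseUrl still points at https://mcp.meeting.tencent.com before any token is sent. The request payload shape, the markdown-table layout of the error dictionary, and the OS string format are assumptions; the page does not show the real ones.

```python
"""
Added example (not from the skill or from ClawHub): the runtime behaviour
SKILL.md documents but the shipped tencent_meeting.py does not enforce,
plus the config.json check a reviewer would run before trusting the bundle.
The payload shape, the error-dictionary layout and the OS string format are
assumptions; the page does not show the real ones.
"""
import json
import platform
import urllib.parse
from pathlib import Path

# Constructed stand-in for references/error_dictionary.md; the real file's
# layout is not shown on the page, so a markdown table is assumed.
ERROR_DICTIONARY_MD = """\
| code | meaning            | user_message |
|------|--------------------|--------------|
| 401  | token rejected     | Meeting token is invalid or expired; reissue TENCENT_MEETING_TOKEN. |
| 403  | insufficient scope | This token lacks permission for the requested meeting operation. |
| 429  | rate limited       | Tencent Meeting is rate limiting requests; retry later. |
"""

EXPECTED_HOST = "mcp.meeting.tencent.com"  # baseUrl host the review says the code talks to


def load_error_dictionary(md_text):
    """Parse the markdown table into {code: user_message}, skipping header and rule rows."""
    mapping = {}
    for line in md_text.splitlines():
        if not line.startswith("|"):
            continue
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) < 3 or cells[0] == "code" or set(cells[0]) <= {"-"}:
            continue
        mapping[cells[0]] = cells[2]
    return mapping


def safe_error_message(server_error, dictionary):
    """
    Map a server error to text that may be shown to the user. The raw server
    message is never returned (it can carry request ids, traces or account
    details); unknown codes get a generic message carrying only the code.
    """
    code = ""
    if isinstance(server_error, dict):
        code = str(server_error.get("code", ""))
    if code in dictionary:
        return dictionary[code]
    return (f"Tencent Meeting request failed (code {code or 'unknown'}). "
            "Check the skill's error dictionary or ask the publisher.")


def detect_os(include_distribution=True):
    """OS string as the review describes it: platform name/version, plus /etc/os-release on Linux."""
    desc = f"{platform.system()} {platform.release()}"
    if include_distribution and platform.system() == "Linux":
        try:
            for line in Path("/etc/os-release").read_text(errors="replace").splitlines():
                if line.startswith("PRETTY_NAME="):
                    desc += " (" + line.split("=", 1)[1].strip().strip('"') + ")"
                    break
        except OSError:
            pass  # no os-release file: fall back to platform name/version only
    return desc


def attach_client_info(payload, os_value="auto"):
    """
    Return a copy of payload with _client_info always present. The shipped
    script only rewrites the os field when _client_info already exists; here a
    missing block is added. os_value="auto" detects the OS, None omits the
    field for users who do not want system metadata sent, and any other string
    is sent verbatim (a fixed, non-identifying value).
    """
    existing = payload.get("_client_info")
    info = dict(existing) if isinstance(existing, dict) else {}
    if os_value == "auto":
        info["os"] = detect_os()
    elif os_value is None:
        info.pop("os", None)
    else:
        info["os"] = os_value
    result = dict(payload)
    result["_client_info"] = info
    return result


def base_url_is_expected(config_text):
    """
    Guidance item 4 as a check: refuse to run unless config.json's baseUrl is
    https and points at the documented MCP host, so a modified bundle cannot
    silently redirect the token to another server.
    """
    try:
        url = json.loads(config_text).get("baseUrl", "")
    except (ValueError, AttributeError):
        return False
    parts = urllib.parse.urlsplit(str(url))
    return parts.scheme == "https" and parts.hostname == EXPECTED_HOST


if __name__ == "__main__":
    errors = load_error_dictionary(ERROR_DICTIONARY_MD)
    # Constructed server response standing in for what the script would print raw.
    raw = {"code": 401, "message": "auth failed for account 1234 (trace abc)"}
    print(safe_error_message(raw, errors))
    print(attach_client_info({"method": "list_meetings"}, os_value=None))
    print(base_url_is_expected('{"baseUrl": "https://mcp.meeting.tencent.com"}'))
```

The hostname comparison is deliberately exact rather than a substring match, so `mcp.meeting.tencent.com.attacker.example` fails the check; the http scheme fails too, because the token would otherwise travel in clear text.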