[!] Purpose & Capability
The manifest and SKILL.md describe a local intelligence assistant that monitors Amazon ASINs and TikTok trends. However, much of the implementation delegates data collection to a remote backend (api.haixia.ai) via dist/api/index.js. SKILL.md does not disclose the reliance on an external service or any credentials that service requires. SKILL.md also lists required binaries (python3, curl, jq) that the visible JS code never invokes, which is a second mismatch between documentation and implementation.
[!] Instruction Scope
SKILL.md documents only CLI-like commands and automated scan schedules; it makes no mention of reading OpenClaw configuration files or exporting tokens. The code (dist/core/config.js -> loadGatewayToken) reads the OpenClaw config file (~/.openclaw/openclaw.json) or the OPENCLAW_GATEWAY_TOKEN environment variable and then sends that token with its calls to the external API. That behavior is outside the documented scope and is not declared to the user.
[ℹ] Install Mechanism
The package manifest contains no install specification (not even an instruction-only one), yet the package ships many JS files and references third-party libraries (e.g., sql.js). No network download or installation URLs were found in the provided manifest, so install risk is moderate: the code will expect its Node-side dependencies to be present at runtime. The missing install specification is a usability and traceability concern, not in itself evidence of malicious intent.
[!] Credentials
SKILL.md declares no required environment variables or credentials, yet the code reads OPENCLAW_GATEWAY_TOKEN or falls back to the user's OpenClaw config file to extract gateway.auth.token, and sends it as a Bearer token in the Authorization header of requests to api.haixia.ai. This is disproportionate: a local monitoring skill should not need to read platform gateway tokens unless that need is explicitly documented. Other environment variables the code reads without declaring them in SKILL.md: OPENCLAW_CONFIG_PATH, OPENCLAW_STATE_DIR, INTEL_API_URL, INTEL_DB_PATH.
[ℹ] Persistence & Privilege
The skill creates and writes a local SQLite database under the derived skill state directory (getSkillStateDir -> local.sqlite3) and persists watchlists, snapshots and alerts there; this is consistent with its stated functionality. It also reads the platform's OpenClaw config (to load the gateway token), i.e., a configuration file that belongs to the platform rather than to the skill. That cross-config access is a privilege worth flagging because it is what enables the token export described above.
What to consider before installing
Key issues to consider before installing:
- The code will attempt to read your OpenClaw gateway token (from OPENCLAW_GATEWAY_TOKEN env or ~/.openclaw/openclaw.json) and uses it as a Bearer token for requests to https://api.haixia.ai. If that gateway token is sensitive (authenticates your OpenClaw instance or other skills), installing this skill could expose it to an external service.
- SKILL.md does not mention any credential use or external backend. The required binaries listed in SKILL.md (python3, curl, jq) do not match the JavaScript implementation, indicating sloppy or incomplete packaging and documentation.
- The skill persists data locally (a SQLite database under your OpenClaw state directory). That is expected on its own, but combined with the gateway-token usage it means sensitive local context could be sent along with the token.
What to do if you consider installing:
- Don’t install in a production environment or on a machine with sensitive OpenClaw credentials until you verify the backend. Run it in an isolated sandbox or VM first.
- Inspect the code yourself (you have the package sources). Search for getIntelApiUrl, loadGatewayToken, OPENCLAW_GATEWAY_TOKEN and api.haixia.ai usage. Confirm whether the external endpoint is trustworthy and why the gateway token is needed.
- If you need this skill but want to limit risk: create a separate, limited gateway token (if OpenClaw supports that) for this skill, or set INTEL_API_URL to a trusted internal endpoint, or unset OPENCLAW_GATEWAY_TOKEN so the skill cannot access your main token.
- Contact the publisher/owner (manifest lists owner 'beansmile' and npmPackageName '@beansmile/skill-cross-border-intel') and ask for a clear declaration of what credentials are required and why data is sent to api.haixia.ai. Verify the package provenance (npm or repo) before trusting it.
Given the clear mismatch between documentation and behavior (token reading + remote calls), treat this skill as suspicious until provenance and credential usage are clarified.