Skill v0.2.0

ClawScan security

Liepin Jobs · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Apr 4, 2026, 11:52 PM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill implements the expected Liepin MCP interactions, but the package metadata omits the required user token, and a few minor mismatches warrant caution before installing.
Guidance
This skill appears to be what it says: a CLI wrapper that calls Liepin's MCP server. However, the registry metadata does not declare the required LIEPIN_USER_TOKEN even though both SKILL.md and the script require it. Before installing:
(1) confirm you trust the skill's source (check the GitHub repo and commit history);
(2) understand that the token is an account credential that will be stored under ~/.config/liepin-mcp/config.json and sent to the configured MCP URL (default: https://open-agent.liepin.com/mcp/user);
(3) prefer setting LIEPIN_USER_TOKEN as an environment variable if you don't want it saved to disk, or rotate the token after use;
(4) verify the MCP endpoint URL if you are concerned about a redirected or malicious server;
(5) if you need higher assurance, review the liepin_mcp.py source line by line or run it in an isolated environment before providing your real token.

Review Dimensions

Purpose & Capability
note: The name and description (search, resume, apply on Liepin) match the included code: a Python CLI that talks to an MCP endpoint and implements search/apply/resume actions. However, the registry metadata declares no required environment variables or primary credential, while both SKILL.md and the code require a LIEPIN_USER_TOKEN to function.
Instruction Scope
ok: Runtime instructions focus on obtaining a Liepin user token, running the provided Python script, and following a workflow that checks the resume, searches jobs, and requires explicit confirmation before applying. The instructions do not ask the agent to read unrelated system files or to exfiltrate data beyond sending the token to the configured MCP URL. The skill will read and write a config file under the user's home directory (~/.config/liepin-mcp/config.json) to store the token.
Install Mechanism
ok: No install spec; the skill is instruction-only with a single Python script. The only required binary is python3 (declared). The skill itself performs no downloads from arbitrary URLs and no archive extraction.
Credentials
concern: The tool requires a LIEPIN_USER_TOKEN (described in SKILL.md and used by the code), but the registry metadata lists no required env vars or primary credential. This mismatch is a notable omission: the skill needs a secret (the user token) which will be sent to the configured MCP endpoint. Users should expect that this token grants account-level access on Liepin and will be stored on disk in the user's config directory.
Persistence & Privilege
ok: The skill persists user configuration to ~/.config/liepin-mcp/config.json (its own config path) but does not request 'always' inclusion or modify other skills or system-wide agent settings. Autonomous invocation is allowed (platform default), which increases the blast radius only if combined with other red flags; here the main persistence is the local config file.
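The Credentials finding above (a secret the skill needs that its registry metadata never declares), the Persistence finding (a config file written under the home directory), and guidance steps (2) and (4) can all be checked mechanically before installing. The script below is an added example written for this page; it is not part of the ClawScan report or of the Liepin skill. It scans a skill's SKILL.md and Python source for environment variables read and secret-like names mentioned, compares them with what the metadata declares, lists home-directory paths the script writes to, and flags hard-coded endpoints whose host is not on an expected list. The metadata field names (required_env, primary_credential) and all sample inputs are constructed assumptions modelled on the report's description.

```python
"""Pre-install check for a ClawHub-style skill bundle.

Added example; not part of the ClawScan report or of the Liepin skill.
The metadata field names (required_env, primary_credential) and the sample
inputs are constructed assumptions for illustration.
"""
import re
from urllib.parse import urlparse

# Ways a Python skill script typically reads an environment variable.
ENV_READ_PATTERNS = [
    re.compile(r"os\.environ\[\s*['\"]([A-Z][A-Z0-9_]+)['\"]\s*\]"),
    re.compile(r"os\.environ\.get\(\s*['\"]([A-Z][A-Z0-9_]+)['\"]"),
    re.compile(r"os\.getenv\(\s*['\"]([A-Z][A-Z0-9_]+)['\"]"),
]
# Upper-case names with a secret-like suffix mentioned in SKILL.md prose.
DOC_SECRET_PATTERN = re.compile(r"\b([A-Z][A-Z0-9_]*(?:TOKEN|KEY|SECRET|PASSWORD))\b")
URL_PATTERN = re.compile(r"https?://[^\s'\"<>]+")
# os.path.expanduser("~/...") calls reveal where the script persists state.
HOME_PATH_PATTERN = re.compile(r"expanduser\(\s*['\"](~/[^'\"]+)['\"]\s*\)")


def env_vars_read_by_code(source: str) -> set[str]:
    found: set[str] = set()
    for pattern in ENV_READ_PATTERNS:
        found.update(pattern.findall(source))
    return found


def secrets_named_in_docs(skill_md: str) -> set[str]:
    return set(DOC_SECRET_PATTERN.findall(skill_md))


def declared_credentials(metadata: dict) -> set[str]:
    declared = set(metadata.get("required_env", []))
    if metadata.get("primary_credential"):
        declared.add(metadata["primary_credential"])
    return declared


def persisted_paths(source: str) -> list[str]:
    return HOME_PATH_PATTERN.findall(source)


def endpoint_findings(source: str, allowed_hosts: set[str]) -> list[str]:
    findings = []
    for url in URL_PATTERN.findall(source):
        host = urlparse(url).hostname or ""
        if host not in allowed_hosts:
            findings.append(f"endpoint {url} is not on the expected host list")
    return findings


def review_skill(skill_md: str, source: str, metadata: dict, allowed_hosts: set[str]) -> dict:
    # A credential the skill needs but the registry does not declare is the
    # mismatch the report calls out: the user cannot see from metadata alone
    # that a secret will be read, stored, and sent to a remote endpoint.
    needed = env_vars_read_by_code(source) | secrets_named_in_docs(skill_md)
    undeclared = sorted(needed - declared_credentials(metadata))
    findings = [f"{name} is required by the skill but not declared in metadata"
                for name in undeclared]
    findings += endpoint_findings(source, allowed_hosts)
    return {
        "verdict": "concern" if undeclared else "ok",
        "undeclared": undeclared,
        "persisted_paths": persisted_paths(source),
        "findings": findings,
    }


# Constructed sample inputs modelled on the report's description of the skill.
SAMPLE_SKILL_MD = """# Liepin Jobs
Obtain a Liepin user token and export it as LIEPIN_USER_TOKEN before running
python3 liepin_mcp.py. Always confirm with the user before applying to a job.
"""
SAMPLE_SCRIPT = '''
import os
DEFAULT_MCP_URL = "https://open-agent.liepin.com/mcp/user"
CONFIG_PATH = os.path.expanduser("~/.config/liepin-mcp/config.json")
token = os.environ.get("LIEPIN_USER_TOKEN")
'''
# Registry metadata that declares no credential, as the report describes.
SAMPLE_METADATA = {"name": "liepin-jobs", "version": "0.2.0",
                   "required_binaries": ["python3"], "required_env": []}

if __name__ == "__main__":
    result = review_skill(SAMPLE_SKILL_MD, SAMPLE_SCRIPT, SAMPLE_METADATA,
                          {"open-agent.liepin.com"})
    for line in result["findings"]:
        print(line)
    print("verdict:", result["verdict"], "persists:", result["persisted_paths"])
```

Run against the constructed inputs, the check reports LIEPIN_USER_TOKEN as undeclared and ~/.config/liepin-mcp/config.json as the persisted path; adding the token to required_env clears the verdict, and passing a different host list flags the hard-coded MCP URL, which is the manual check guidance step (4) asks for.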