Lanhu Design

Advisory

Audited by Static analysis on May 6, 2026.

Overview

No suspicious patterns detected.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The agent may run a separately installed tool whose behavior depends on the version and source the user installs.

Why it was flagged

The skill's core capability depends on an external CLI that is not included in the submitted artifacts and has no pinned install spec, so its implementation was not reviewed here.

Skill content

Use the `lh-design` CLI from `xuwenxindeai/lanhu-design-reader`.

Recommendation

Install lh-design only from a trusted source, review its README/source if possible, pin a known version, and avoid running any installer commands you do not understand.

What this means

Anyone or any tool with access to these cookies may be able to access private Lanhu design content available to that session.

Why it was flagged

The skill requires Lanhu/DDS session cookies to access authenticated design data. This is purpose-aligned, but cookies can grant account access and may persist on disk.

Skill content

The user must provide `LANHU_COOKIE` via shell env, a local `.env`, or `~/.lanhu-design-reader/.env`. If DDS schema reads need a separate login state, use `DDS_COOKIE`.

Recommendation

Use the least-privileged or temporary session possible, restrict the permissions on any .env file, do not paste cookies into shared chats or logs, and rotate cookies if exposure is suspected.