Skill v0.1.1

ClawScan security

Gsdata · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious
Mar 4, 2026, 4:41 PM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill mostly matches its described purpose (a local adapter for the GSData API) but has inconsistencies around declared credentials and potential local credential-file access that you should review before installing.
Guidance
This skill appears to be a local Python adapter for the GSData API and largely behaves as described, but there are a few things to check before installing:

- Credential mismatch: The platform registry lists no required env vars, yet SKILL.md requires GSDATA_APP_KEY and GSDATA_APP_SECRET. Confirm that the skill will only use environment variables you explicitly set and will not silently read other secrets.
- Local credential-file access: The adapter defines a default credentials path (~/.config/gsdata/credentials.json). Inspect the full script to see whether it will automatically read that file if env vars are absent — this could cause the skill to access credentials stored on your machine.
- Network endpoints and transport: The adapter targets databus.gsdata.cn:8888 (HTTP). Verify whether communications use HTTPS or another secure channel in actual requests; avoid exposing secrets over plaintext HTTP.
- Writes and raw calls: SKILL.md requires explicit confirmation for write actions and offers a raw path mode (gsdata_raw). Be cautious with raw paths or '--allow-write' flags — only enable writes when you trust the account/keys in use.
- Practical steps: review the full gsdata_adapter.py before installing, ensure you set GSDATA_APP_KEY/SECRET as minimal-scope keys, avoid placing unrelated secrets in ~/.config/gsdata, and test in an isolated environment (or with a throwaway GSData key) if possible.

Given the metadata/documentation mismatch and implicit credential-file behavior, treat this skill as suspicious until you confirm the adapter's credential-loading behavior and secure transport.

Review Dimensions

Purpose & Capability
Rating: note
Name/description, adapter script, and the large endpoint mapping align with a GSData API adapter for social-platform/search/pubsent tasks. However, the skill manifest/registry lists no required environment variables while SKILL.md clearly states it requires GSDATA_APP_KEY and GSDATA_APP_SECRET — this mismatch is an incoherence between what the skill claims and what it needs.
Instruction Scope
Rating: note
SKILL.md confines runtime actions to running the bundled Python adapter and the included mapping file, plus guidance to use read-only defaults and require explicit confirmation for writes. That's appropriate. However, the adapter code defines a DEFAULT_CREDS_PATH (~/.config/gsdata/credentials.json) which suggests it may attempt to read a local credentials file if env vars are not supplied; SKILL.md does not mention this behavior. That difference expands the instruction surface beyond the documented steps.
Install Mechanism
Rating: ok
No install spec — instruction-only with bundled script and JSON mapping. No external downloads or installers observed, and the code/mapping are included in the skill package.
Credentials
Rating: concern
The adapter requires an API key and secret to call GSData; that is proportional. But the registry metadata lists no required env vars while SKILL.md names GSDATA_APP_KEY and GSDATA_APP_SECRET — a mismatch. Additionally, the code exposes a DEFAULT_CREDS_PATH which may cause the adapter to read credentials from the user's home directory without explicit documentation in SKILL.md or the registry metadata. Requesting an app key + secret for an external data API is expected, but hidden local credential-file access and the manifest omission are concerning.
Persistence & Privilege
Rating: ok
The skill is not always-enabled and does not request elevated platform persistence. It can make outbound network calls when invoked (normal for an API adapter). Autonomous invocation is allowed by default (disable-model-invocation=false) but that is the platform norm and not flagged on its own.