Skillv1.0.0

ClawScan security

Douyin Upload · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

ReviewMar 15, 2026, 1:24 AM

Verdict: Review
Confidence: medium
Model: gpt-5-mini
Summary: The skill mostly does what it says (generate content/images and call a local 'sau' CLI to publish), but there are several mismatches and risky coding choices (hard-coded user paths, use of shell execution, and undeclared use of an API key) that warrant caution before installing or running it.
Guidance: What to consider before installing or running this skill: - Validity and provenance: The package appears to come from a developer snapshot (hard-coded paths like /Users/yiwanjun and a sau.sh wrapper pointing to a local venv). Confirm the source or sanitize those paths before use. - OpenAI key: The code optionally uses OPENAI_API_KEY for content/image generation. Although optional, if you provide a key it will be used for network calls to OpenAI. The registry metadata did not declare this env var formally — set keys carefully and use a limited-scope key if possible. - Review the 'sau' tool: The publisher runs an external CLI named 'sau' to perform the actual Douyin upload. That CLI is out-of-band (not provided here). Verify the provenance and behavior of any 'sau' binary you install; do not run untrusted 'sau' binaries. - Shell execution risk: Publishing runs a constructed command string via subprocess.run(..., shell=True). Filenames include the user-provided theme without robust sanitization when used in the command string. Avoid passing untrusted input as theme, or modify the code to call subprocess with a list of args (no shell=True) or properly escape/sanitize file names. - Hard-coded paths: Edit scripts/config.py to point WORKSPACE_DIR and other paths to safe, user-controlled locations (e.g., under your own home) before running. Remove or modify sau.sh's hard-coded PROJECT_DIR if you plan to use it. - Run in isolation when testing: Execute the skill in a constrained environment (non-root account, container, or VM) first to inspect created files (~/.openclaw/workspace, logs, and any .env files). Check logs for unexpected network calls or outputs. - Minimal permissions: Do not provide system-wide credentials or secrets. If you must provide an API key, consider rotating it and restricting its permissions. If you want a safer posture: ask the publisher for a sanitized release (no developer-specific paths), a manifest declaring OPENAI_API_KEY usage, and a change to run external commands without shell=True. Given the current issues, treat this package as 'use after manual review' rather than safe-to-install automatically.

Review Dimensions

Purpose & Capability: noteThe code implements content generation, image creation, and publishing via a 'sau' CLI which aligns with the stated Douyin-upload purpose. However several configuration values are hard-coded to a specific developer user path (/Users/yiwanjun/...), and the included sau.sh wrapper points at a local project venv path — these are unusual for a published, generic skill and suggest the package was packaged from a developer's local environment rather than sanitized for distribution.
Instruction Scope: okRuntime instructions in SKILL.md match the code: generate markdown, create a cover, then run the sau CLI to publish. The skill does access one environment variable (OPENAI_API_KEY) for optional image/content generation (documented in SKILL.md). The code only reads and writes files within the configured workspace and does not attempt to read unrelated system secrets or other user data.
Install Mechanism: noteThere is no registry install spec (instruction-only in metadata) but the bundle includes an install.sh and Python requirements. The install script runs pip install -r scripts/requirements.txt and creates local workspace directories; it does not download arbitrary archives from unknown servers. The presence of a sau.sh wrapper referencing a developer-local path is odd and may mislead users if they copy it to /usr/local/bin without editing.
Credentials: concernThe registry metadata declares no required env vars, yet the code and SKILL.md reference OPENAI_API_KEY as an optional input and the install script writes a .env placeholder. That environment variable access is plausible for higher-quality generation, but the mismatch between declared requirements and actual code usage is a coherence issue. Also the skill will create files under a hard-coded WORKSPACE_DIR pointing to another user's home by default; that is unexpected and should be configurable.
Persistence & Privilege: okThe skill does not request 'always: true' and does not attempt to modify other skills or system-wide agent settings. It writes logs and artifacts under its workspace directories and creates a .env file during install; that is normal for a local utility but users should review created files and paths.