Skill v1.0.6

ClawScan security

腾讯广告妙问 (Tencent Ads Miaowen) · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign (scanned Apr 29, 2026, 6:27 AM)
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's code, instructions, and requested access are consistent with a Tencent Ads / 妙问 assistant: it needs and uses a local 妙问 API token and calls Tencent endpoints; nothing in the bundle requests unrelated credentials or performs unexplained actions.
Guidance
This skill appears to do what it says: it needs a 妙问 (Miaowen) API token and uses it to call Tencent Ads endpoints. Before installing or using it:
1) Obtain the token only from the official 妙问 site (https://miaowen.qq.com/) and do not paste credentials for any other service into the setup script.
2) The token is saved in plaintext at ~/.MIAOWEN_ACCESS_TOKEN (file mode 600); treat that file as sensitive, and if you stop using the skill remove the file and revoke the token at the issuer, since deleting the local copy does not invalidate it.
3) When asked to upload a local file, confirm the exact file path: upload.js sends that file to the remote API.
4) There is a minor metadata inconsistency: the package registry lists version 1.0.6 while the scripts and SKILL.md reference 1.0.5. Ask the publisher for the authoritative source and changelog.
5) If you need stronger isolation, run these scripts from a dedicated account or container rather than a machine that holds other secrets.
Findings
[no_findings] expected: Static pre-scan reported no injection signals. There are clear network calls and filesystem operations in the included scripts which are expected for this skill.

Review Dimensions

Purpose & Capability
ok: Name and description match the code and runtime behavior. Scripts call miaowen.qq.com / ad.qq.com APIs and implement chat, structured API calls, upload, and token setup, all expected for a Tencent Ads assistant. No unrelated cloud credentials, binaries, or config paths are requested.
Instruction Scope
note: SKILL.md instructs the agent to extract context from conversation history, to run the included Node scripts (chat.js, api_tool_call.js, upload.js), and to upload user-provided files when doing pre-audit. These actions are within scope for the described assistant. Note: the skill reads/writes a token file (~/.MIAOWEN_ACCESS_TOKEN) and will read local files that the user explicitly asks to upload; users should ensure only intended files are passed to upload.js.
Install Mechanism
ok: No install spec or external downloads; the package is instructions plus the included Node scripts. No remote code retrieval or archive extraction occurs during install, so this is low-risk from an install-mechanism perspective.
Credentials
note: The skill requests no environment variables but relies on a local API token stored at ~/.MIAOWEN_ACCESS_TOKEN. Storing the token in the home directory is proportionate to the skill's purpose; setup_token.js writes the token file with mode 0600. Users should be aware that the token is stored in plaintext on the file system and is sent in Authorization headers to the documented Tencent endpoints.
Persistence & Privilege
ok: always:false and no system-wide config changes. The only persistent write is the token file under the user's home directory (the skill's own config), which is normal for CLI helpers and limited in scope.