Skill v1.0.2
ClawScan security
TencentAds-miaowen-qa · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign, Mar 13, 2026, 6:00 AM
- Verdict
- benign
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- The skill's files and instructions are consistent with its stated purpose (calling Tencent 妙问 API) and do not request unrelated credentials, but it asks the user to paste a sensitive token into chat and stores that token on disk — a privacy/risk consideration the user should understand before installing.
- Guidance
- This skill appears to do what it says (call Tencent 妙问 for Tencent Ads questions) and the scripts are short and readable. Before installing, consider the following:
  1) Do NOT paste your API key into the public chat if you want to keep it out of platform logs; instead run scripts/setup_token.sh locally in your own shell to save the token, or use a secure input method if available.
  2) Inspect scripts/chat.sh and setup_token.sh yourself (they are included) and confirm the API endpoint (https://ad.qq.com/ai/gw/ai_customer_service/v1/open_api/chat) is expected.
  3) If you must paste the token into chat, treat the token as sensitive: rotate/revoke it after testing and limit its permissions if the provider supports scoping.
  4) Prefer storing the token in a secure location and ensure file permissions are enforced on your OS.
  5) If you have regulatory or privacy concerns about sending secrets through the platform's conversation logs, do not provide the token via chat and instead perform API calls locally.
Review Dimensions
- Purpose & Capability
- ok: Name/description, SKILL.md, and the two scripts all align: the skill calls Tencent 妙问 (ad.qq.com) via curl using a user-provided Access Token stored at ~/.MIAOWEN_ACCESS_TOKEN. No unrelated services, binaries, or credentials are requested.
- Instruction Scope
- note: Instructions direct the agent to run scripts/chat.sh with the user's question; the script handles token checks, API calls, and returns distinct exit codes. However, SKILL.md explicitly instructs the user to paste the Access Token into the chat so the agent can save it via scripts/setup_token.sh; this exposes a secret in the conversational channel, which may be logged or retained by the platform. The token is legitimately needed for API calls, but the recommended collection method (pasting into chat) increases exposure.
- Install Mechanism
- ok: No install spec; the skill is instruction-only with two small Bash scripts. No third-party downloads or archive extraction are performed. Risk from installation is low, but users should still inspect the scripts (they are short and readable) before executing.
- Credentials
- note: The skill requests no environment variables and only relies on HOME and curl (reasonable). It stores a single required credential (MIAOWEN_ACCESS_TOKEN) in a file under the user's home directory with an attempt to set permission 600. This is proportionate to the task, but storing a long-lived token locally combined with collecting it via chat increases the token exposure risk.
- Persistence & Privilege
- note: The skill writes the token to ~/.MIAOWEN_ACCESS_TOKEN so subsequent invocations won't require re-entry; this is normal for convenience. always:false, and no modifications to other skills or system-wide configs. Be aware: once stored, the token enables future API calls without further user interaction, so keep it scoped and revocable.
