Back to skill
Skillv1.6.0
ClawScan security
蚁小二 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
SuspiciousApr 2, 2026, 9:58 AM
- Verdict
- suspicious
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- The skill implementation matches a multi-platform publishing tool, but registry metadata omits required credentials and the runtime instructions/code will read local files and upload them to remote endpoints—those mismatches and data-flow implications warrant caution.
- Guidance
- This package appears to be a coherent publishing SDK, but exercise caution before installing or using it: 1) The repository/registry metadata does not list the required environment variable (YIXIAOER_API_KEY) even though the code and docs require it—ask the publisher to correct that. 2) The upload action reads local files and uploads them to service-provided pre-signed URLs: avoid passing paths to sensitive files (e.g., ~/.ssh, system configs, databases). 3) Treat YIXIAOER_API_KEY as a high-privilege credential—only provide it if you trust the remote service and the skill source (this package lists no homepage and has unknown source). 4) If possible, run the tool in a restricted environment (container or limited account) or use a service-scoped API key with minimal privileges. 5) Prefer to verify the remote API endpoint (YIXIAOER_API_URL) and examine network interactions, or request provenance (official homepage or maintainer contact) before using in production.
Review Dimensions
- Purpose & Capability
- noteName, description, docs, and scripts/api.ts consistently implement a social-media multi-platform publishing helper; the requested operations (query accounts, upload resources, publish tasks) align with the stated purpose. However, the skill's registry metadata declares no required environment variables or primary credential while both SKILL.md and scripts/api.ts clearly require YIXIAOER_API_KEY (and optionally YIXIAOER_API_URL). That metadata omission is inconsistent and reduces transparency.
- Instruction Scope
- concernSKILL.md instructs the agent to call scripts/api.ts with a --payload JSON; the code will (a) call the remote API with an Authorization header derived from YIXIAOER_API_KEY, (b) fetch remote URLs, and (c) read local files for upload. Those behaviors are expected for a publisher but expand the skill's runtime surface: running upload action will read arbitrary local file paths provided in payloads and PUT their contents to pre-signed service URLs returned by the remote API. The instructions do not restrict which local paths to use, so a maliciously crafted payload (or careless use) could cause unintended local file disclosure.
- Install Mechanism
- okNo install spec or external downloads are present; the skill is instruction-plus-source only. There are no brew/npm/extract installs or third-party URL downloads in the package.
- Credentials
- concernThe code legitimately needs an API key (YIXIAOER_API_KEY) and optionally YIXIAOER_API_URL; those are proportionate to the service integration. But the package metadata declares no required env vars or primary credential, which is a transparency issue. Also note that the API key grants the skill ability to perform account queries, uploads, updates, and publishes on the remote service, so the key should be treated as a high-sensitivity secret.
- Persistence & Privilege
- okThe skill does not request always:true and does not modify other skills or system settings. It will only act when invoked (user-invocable / agent invocation allowed by default). There is no evidence of attempts to persist beyond its own code files.