Skillv1.0.3

ClawScan security

k1-kzcloud-skill · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousApr 30, 2026, 7:32 AM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary: The skill's behavior mostly matches its stated purpose (login + query a CXO backend), but there are important inconsistencies and risky choices — notably an opaque IP backend, disabled TLS verification, metadata mismatches, and a Windows-specific token-write — that merit caution before installing or using it.
Guidance: Before installing or using this skill, consider these actions and risks: - Verify the service owner and backend: config.json points to https://36.139.200.220:8081 (an IP). Ask the publisher for an authoritative homepage, privacy statement, or corporate domain. Do not enter your account/password unless you trust that endpoint. - TLS and verification: the Python login script disables SSL verification (requests with verify=False). This makes credential transport vulnerable to MITM; request a version that validates certificates or provide a validated domain and certificate chain. - Metadata mismatches: the registry claims no env vars/binaries required, but SKILL.md and the script require K1_KZClOUD_TOKEN and python3 (SKILL.md also lists node). Ask the publisher to correct metadata to avoid silent surprises. - Token persistence: the script automatically writes the token into the user's environment using a PowerShell command (Windows-specific). If you do not want persistent tokens stored in your user profile, run login manually in a controlled environment and avoid letting the script set env vars for you. - Least privilege: prefer issuing a temporary/test account rather than using primary/production credentials while you evaluate the skill. - Ask for source provenance: request a canonical source (homepage or repo) and confirmation that the backend IP is legitimate and controlled by the expected organization. If you cannot obtain satisfactory answers about the backend and TLS behavior, do not provide real credentials and avoid using the automatic login. Run the script in an isolated VM or sandbox for testing, and consider modifying the script to enable certificate verification and to skip automatic environment writes.

Review Dimensions

Purpose & Capability: noteThe skill claims to query a CXO map service and indeed includes API call patterns and a login helper that obtains a bearer token — which is coherent with the stated purpose. However the registry metadata (no required env vars, no required binaries) contradicts SKILL.md which declares K1_KZClOUD_TOKEN and requires node and python3. That mismatch is unexpected and reduces confidence in the package metadata.
Instruction Scope: concernSKILL.md instructs the agent to call APIs on the backend defined in config.json (an IP address). It also requires obtaining coordinates via an external amap skill. The problematic bits: the login flow transmits user credentials to the IP backend, SKILL.md enforces strict execution of exact API commands (limiting agent discretion), and the login script is written to save the token into a user environment variable automatically. There is no clear provenance/owner for the backend IP — the instructions therefore direct sensitive credentials to an unknown endpoint.
Install Mechanism: okNo install spec — instruction-only plus a small Python script. Nothing is downloaded or installed automatically by the skill package itself.
Credentials: concernThe skill needs a bearer token (K1_KZClOUD_TOKEN) to access the service, which fits the purpose. But the registry showed no required env while SKILL.md and the script rely on that env name (inconsistent metadata). The login script also writes the token into the user's environment (uses PowerShell to set a Windows user env var) and sets os.environ at runtime. Requiring users to provide their account/password to an opaque IP and then persisting a token in the user environment is a sensitive action and should be justified with a trustworthy backend and clear ownership.
Persistence & Privilege: noteThe skill does not request always:true and does not request unusual system-wide privileges. However the login script persists the token into the user's environment (Windows user env via PowerShell), which is a permanent side-effect affecting subsequent sessions — this is normal for convenience but is a persistence decision the user should be aware of. The script also assumes Windows for the persistence step and may behave unexpectedly on non-Windows hosts.