Skill v1.0.0
ClawScan security
晓蜜智能外呼 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Review · Mar 15, 2026, 11:34 AM
- Verdict: Review
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's purpose (automated outbound calls via Alibaba Cloud) is plausible, but the package metadata omits required runtime credentials and a Node runtime while the runtime instructions and included bundled JS clearly require them — this mismatch plus an embedded 3.3 MB executable bundle warrants caution and code review before use.
- Guidance: What to check before installing/use:
  - Manifest mismatch: SKILL.md requires ALIBABA_CLOUD_ACCESS_KEY_ID and ALIBABA_CLOUD_ACCESS_KEY_SECRET and running `node scripts/bundle.cjs`, but the package metadata does not declare these requirements. Ask the publisher to update metadata to declare required env vars and the 'node' runtime.
  - Audit the bundled code (scripts/bundle.cjs) before running: review or request human-readable source to confirm it only calls Alibaba Cloud endpoints (no hardcoded unknown URLs), does not exfiltrate data, and does not execute unrelated system operations.
  - Limit credentials: use a dedicated Alibaba account with the minimal IAM permissions needed for outboundbot operations; avoid using high-privilege/global credentials. Prefer short-lived credentials if supported.
  - Test in a sandbox: run with test/outbound numbers and non-production data to verify behavior and costs before production runs.
  - Privacy & compliance: the skill asks you to aggregate personal data (names, phones, resume fields). Ensure you have consent, comply with local call/telemarketing laws, and redact or minimize PII sent to the skill where possible.
  - Operational caution: confirm billing/usage impact (outbound calls cost money) and that bound numbers are properly authorized.

  If you cannot review the bundle or obtain a trustworthy source/origin, treat this skill as higher risk and avoid running it with real credentials or production data.
Review Dimensions
- Purpose & Capability
  - concern: The skill's stated purpose (calling Alibaba Cloud 晓蜜 outbound bot) aligns with needing ALIBABA_CLOUD_ACCESS_KEY_ID / SECRET and a bound outbound number. However, the registry metadata claims no required environment variables and no required binaries, while SKILL.md explicitly instructs setting Alibaba Cloud AK/SK and running `node scripts/bundle.cjs`. The absence of declared requirements (node runtime, AK/SK) in the manifest is an incoherence.
- Instruction Scope
  - note: SKILL.md stays largely within the stated purpose: it describes collecting phone lists (including reading CRM outputs or customers.json), constructing rich agentProfile background (which will include personally identifiable information), asking for explicit user confirmation before dialing, and then invoking the bundled script to call Alibaba APIs. This is functionally appropriate for an outbound-call skill, but it instructs the agent to aggregate and send potentially sensitive PII (names, phone numbers, resume/CRM fields, etc.) to the runtime script and to Alibaba Cloud — a privacy/compliance risk that should be considered.
- Install Mechanism
  - concern: There is no install spec (instruction-only), but the skill includes a large bundled executable script (scripts/bundle.cjs, ~3.3 MB) that will be run with `node`. Bundled code is non-trivial and will execute on the host; the manifest did not declare 'node' as a required binary. Because the script is included as a black-box bundle, it should be audited for unexpected network endpoints, data exfiltration, or other surprises before executing in a production environment.
- Credentials
  - concern: The SKILL.md requires ALIBABA_CLOUD_ACCESS_KEY_ID and ALIBABA_CLOUD_ACCESS_KEY_SECRET and binding of an outbound number (reasonable for the stated purpose). However, the skill metadata lists no required env vars or primary credential — this mismatch is problematic. Additionally, the instructions encourage populating agentProfile.background with extensive contextual and PII data; confirm that only the Alibaba outbound APIs receive the data and that credentials have minimal privileges.
- Persistence & Privilege
  - ok: The skill does not request always:true and does not attempt to modify other skills or global agent configuration. It instructs scheduling a short-lived follow-up (30s) query to report progress, which is an expected operational behavior for asynchronous tasks and not an elevated platform privilege.
