Skill v1.0.0
ClawScan security
hot-topic-ideator · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Feb 27, 2026, 3:26 AM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's runtime instructions match its stated purpose (generating Xiaohongshu hot-topic ideas), but its packaging is inconsistent and asks for an unexpected binary; the SKILL.md also requires an API token that the registry metadata does not declare.
- Guidance: Key points to check before installing: (1) Ask the publisher why a 'uv' Homebrew formula is required; the SKILL.md only uses curl and generates HTML, so avoid installing unexplained binaries. (2) The SKILL.md needs CHATDAM_API_TOKEN but the registry metadata lists no required env vars; request that the manifest be corrected to declare CHATDAM_API_TOKEN and explain the required token scopes, and prefer a read-only, limited-scope token. (3) Verify that the API host (https://asset.tezign.com) is the intended/official provider and that giving it a token is acceptable under your data policy. (4) If you must test, run in an isolated environment (VM/container) and do not reuse high-privilege credentials. (5) If the publisher cannot justify the 'uv' install or fix the metadata mismatch, treat this skill as untrusted or request a corrected package that either removes the install or documents its purpose.
Review Dimensions
- Purpose & Capability: concern. The SKILL.md describes exactly the advertised purpose (search Xiaohongshu notes via a ChatDAM API, analyze engagement, and output an HTML/PDF report). However, the registry declares a required binary 'uv' (installed via a brew formula) that is not referenced or justified anywhere in the instructions; requiring 'uv' appears disproportionate for an instruction-only skill that only uses curl and HTML generation.
- Instruction Scope: concern. The instructions are specific and constrained to calling asset.tezign.com/chatdam endpoints, computing scores, and producing an HTML report, which matches the purpose. But the SKILL.md requires an environment variable CHATDAM_API_TOKEN for API calls while the skill's declared metadata lists no required env vars; this mismatch is a packaging/integrity problem. There are no instructions to read unrelated local files or exfiltrate extra data.
- Install Mechanism: concern. The registry includes a brew install for the formula 'uv' even though the skill is instruction-only and the instructions never reference 'uv'. Installing a new binary from Homebrew for no explained reason is disproportionate. While a Homebrew formula is lower risk than an arbitrary download, an unexplained install is a red flag and should be justified (what is 'uv' used for, from which tap, and why is it required?).
- Credentials: concern. The runtime requires CHATDAM_API_TOKEN (used in all curl calls to asset.tezign.com), which is a reasonable, narrowly scoped credential for the described API. However, the skill manifest declares neither required env vars nor a primary credential, and that inconsistency weakens trust. The token's required scope is unspecified; confirm minimal (read-only) scope before providing it.
- Persistence & Privilege: ok. The skill does not request persistent presence (always:false), does not declare config paths, and does not attempt to modify other skills or system settings. Autonomous invocation is allowed (platform default) but is not combined with other escalations here.
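The Guidance and the Install Mechanism / Credentials dimensions above both come down to one check: does what the registry manifest declares (required env vars, required binaries, install steps, persistence) agree with what SKILL.md actually does? The lint below is an added example written for this page, not ClawHub's scanner code. The manifest layout it parses (a JSON object with `requires.env`, `requires.bins`, `install` and `always` fields) is an assumed schema for illustration, and both sample files are constructed to mirror the findings on this page: a brew install of `uv` the instructions never use, and a `$CHATDAM_API_TOKEN` the manifest never declares. A corrected manifest is included beside the weak one.

```python
"""Lint a skill package for manifest/instruction mismatches (added example, not ClawHub code).

Assumed manifest schema (illustrative): {"always": bool, "requires": {"env": [...],
"bins": [...]}, "install": [{"kind": "brew", "formula": "..."}]}.
"""
import json
import re
from urllib.parse import urlparse

# Constructed sample: registry metadata as reviewed above (installs 'uv', declares no env vars).
SAMPLE_MANIFEST = json.dumps({
    "name": "hot-topic-ideator",
    "version": "1.0.0",
    "always": False,
    "requires": {"env": [], "bins": ["uv"]},
    "install": [{"kind": "brew", "formula": "uv"}],
})

# Constructed sample: the corrected package the guidance asks for (token declared, install removed).
FIXED_MANIFEST = json.dumps({
    "name": "hot-topic-ideator",
    "version": "1.0.0",
    "always": False,
    "requires": {"env": ["CHATDAM_API_TOKEN"], "bins": []},
    "install": [],
})

# Constructed sample SKILL.md: curl against the ChatDAM API with a bearer token, no mention of 'uv'.
SAMPLE_SKILL_MD = """# hot-topic-ideator
Search Xiaohongshu notes through the ChatDAM API, score engagement, write an HTML report.
Run:
    curl -s -H "Authorization: Bearer $CHATDAM_API_TOKEN" "https://asset.tezign.com/chatdam/search?q=skincare"
    curl -s -H "Authorization: Bearer $CHATDAM_API_TOKEN" "https://asset.tezign.com/chatdam/notes/stats"
Then render the scored notes into report.html.
"""

ENV_REF_RE = re.compile(r"\$\{?([A-Z][A-Z0-9_]*)\}?")   # $VAR or ${VAR}
URL_RE = re.compile(r"https?://[^\s\"'<>)]+")


def referenced_env_vars(skill_md: str) -> set:
    """Environment variables the instructions read via $VAR or ${VAR}."""
    return set(ENV_REF_RE.findall(skill_md))


def referenced_hosts(skill_md: str) -> set:
    """Hostnames of every URL the instructions tell the agent to call."""
    return {urlparse(u).hostname for u in URL_RE.findall(skill_md) if urlparse(u).hostname}


def mentions_binary(skill_md: str, name: str) -> bool:
    """True if the binary name appears as a whole word anywhere in the instructions."""
    return re.search(rf"\b{re.escape(name)}\b", skill_md) is not None


def lint_skill(manifest_json: str, skill_md: str, trusted_hosts=()) -> list:
    """Return findings keyed by the review dimensions used on this page."""
    manifest = json.loads(manifest_json)
    requires = manifest.get("requires", {})
    declared_env = set(requires.get("env", []))
    installs = manifest.get("install", [])
    installed = {i.get("formula") or i.get("package") for i in installs} - {None}
    findings = []

    # Credentials: a token the instructions read must be declared, or the user is
    # asked for a credential the registry never told them about.
    for var in sorted(referenced_env_vars(skill_md) - declared_env):
        findings.append({"dimension": "Credentials", "severity": "concern",
                         "detail": f"SKILL.md reads ${var} but the manifest declares no such env var"})

    # Install Mechanism: a binary that is installed or required but never used is disproportionate.
    for name in sorted(set(requires.get("bins", [])) | installed):
        if not mentions_binary(skill_md, name):
            kind = next((i.get("kind") for i in installs
                         if name in (i.get("formula"), i.get("package"))), "requires.bins")
            findings.append({"dimension": "Install Mechanism", "severity": "concern",
                             "detail": f"'{name}' is pulled in via {kind} but never referenced in SKILL.md"})

    # Purpose & Capability: every remote host the skill talks to should be one you expect.
    for host in sorted(referenced_hosts(skill_md) - set(trusted_hosts)):
        findings.append({"dimension": "Purpose & Capability", "severity": "info",
                         "detail": f"instructions send requests (and the token) to {host}; confirm it is the intended provider"})

    # Persistence & Privilege: always-on presence compounds any of the concerns above.
    if manifest.get("always"):
        findings.append({"dimension": "Persistence & Privilege", "severity": "concern",
                         "detail": "skill requests persistent presence (always:true)"})
    return findings


def verdict(findings: list) -> str:
    """'suspicious' if any finding is a concern, otherwise 'ok'."""
    return "suspicious" if any(f["severity"] == "concern" for f in findings) else "ok"


if __name__ == "__main__":
    for f in lint_skill(SAMPLE_MANIFEST, SAMPLE_SKILL_MD):
        print(f"[{f['severity']}] {f['dimension']}: {f['detail']}")
    print("verdict:", verdict(lint_skill(SAMPLE_MANIFEST, SAMPLE_SKILL_MD)))
    print("fixed package:", verdict(lint_skill(FIXED_MANIFEST, SAMPLE_SKILL_MD, trusted_hosts=["asset.tezign.com"])))
```

Running it against the constructed samples reproduces the two concerns on this page (undeclared `CHATDAM_API_TOKEN`, unreferenced `uv`) plus an informational note about `asset.tezign.com`; the corrected manifest with the host allow-listed lints clean. The check deliberately stays static: it never runs the install step or the curl commands, so it can be applied before anything from the package touches the host.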
