Skill v1.0.5
ClawScan security
keyue-call · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 20, 2026, 2:33 AM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's code and instructions are coherent with its stated purpose (creating Baidu AIOB outbound-call tasks); it asks for the expected credentials via a config file and contains no obvious unrelated or hidden behavior.
- Guidance: This skill appears to do what it says: it reads a local config.json with accessKey/secretKey/robotId/mobile, obtains an access token from aiob-open.baidu.com, and creates realtime outbound-call tasks. Before installing or using it, consider: (1) protect the AK/SK — store them securely, restrict their permissions, and rotate them if possible; don't commit config.json to repos; (2) test with safe phone numbers to avoid accidental calls or charges; (3) review logging: the script prints request and response JSON (and can include error dumps) which may reveal PII or platform-returned identifiers — adjust or remove such prints if you need to avoid leaking data to agent logs; (4) verify the callback_url/extJson values you pass to avoid exfiltration of data to attacker-controlled endpoints; (5) confirm the agent enforces the SKILL.md's rule that default config mobile is used only for 'call me' cases and that the agent prompts for a target number for third-party calls. Source/homepage are missing; if you require provenance assurance, request an upstream homepage or vendor contact before deployment.
Review Dimensions
- Purpose & Capability (ok): The skill claims to create AIOB realtime outbound call tasks and the included Python script implements token retrieval and the realtime-create API against aiob-open.baidu.com. Required values (accessKey/secretKey/robotId/mobile) align with that purpose; no unrelated credentials or binaries are requested.
- Instruction Scope (note): Runtime instructions limit activities to extracting parameters, reading a local config.json, obtaining a token, and calling the AIOB realtime API — all expected. Two notes: (1) the script prints the request body and the remote response to stdout, which can expose PII or platform-returned identifiers in agent-visible logs; (2) on token-get failure the raised error includes the raw JSON response (json.dumps(data)), which could leak sensitive API response fields in error logs. The SKILL.md itself warns not to expose AK/SK, but the code should be reviewed to ensure logs never contain secrets.
- Install Mechanism (ok): No install steps are defined; this is an instruction+script skill. No external downloads, package installs, or archive extraction are present in the bundle.
- Credentials (note): The skill stores/reads credentials via config.json (accessKey/secretKey) rather than environment variables. That is proportionate to the stated purpose, but these keys grant the ability to create outbound calls (and possibly incur billing/costs). Ensure keys are scoped/minimized and stored securely (not checked into repos). The skill does not request unrelated secrets.
- Persistence & Privilege (ok): always is false and the skill does not request persistent system-wide privileges or alter other skills. It runs when invoked (or via cron scheduling described by SKILL.md) which is appropriate for its purpose.
