Skill v1.0.0
ClawScan security
Xunlei · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Review: Mar 16, 2026, 9:20 AM
- Verdict: Review
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill is coherent with a Xunlei download/NAS assistant, but its runtime instructions recommend running an unverified Docker image with --privileged and host networking, which is disproportionate and risky.
- Guidance: This skill's documentation legitimately covers Xunlei and NAS topics, but the Docker example is risky. Before running anything from this skill: (1) do not blindly run the provided docker run line; avoid --privileged and --net host unless you fully understand the need, and prefer least-privilege flags and explicit capability additions; (2) verify the Docker image source (cnk3x/xunlei:latest), inspect its Dockerfile, and scan the image for malware; (3) avoid mounting sensitive host directories, or use read-only mounts and a dedicated, minimal download folder; (4) run the container inside a restricted VM or sandbox if possible; (5) restrict network exposure (don't open ports to the public) and apply firewall rules; (6) ask the skill author to remove the privileged example and to provide official image provenance or an alternative installation method. If you cannot verify the image and its need for elevated privileges, do not run it on production/home hosts.
Review Dimensions
- Purpose & Capability (ok): Name/description match the SKILL.md content: download acceleration, cloud/offline download, remote/NAS integration and tips. The skill does not request unrelated env vars, binaries, or config paths.
- Instruction Scope (concern): Most instructions stay within download/NAS scope, but the provided Docker deployment example uses --privileged, --net host, host volume mounts and an exposed port. Recommending a privileged container and host networking is not necessary for typical downloader/NAS usage and grants broad host access. The SKILL.md does not instruct verifying the container image source or integrity (cnk3x/xunlei:latest).
- Install Mechanism (note): There is no formal install spec (instruction-only), so nothing is written by the skill itself. However, the instructions imply pulling and running a Docker image from an unverified repository; pulling images is effectively downloading and executing third-party code, which carries risk.
- Credentials (ok): The skill declares no required environment variables, credentials, or config paths, which is proportionate for the stated functionality.
- Persistence & Privilege (concern): The skill is not always-included and allows normal autonomous invocation (platform default). The main concern is the advice to run a privileged Docker container with host networking: if a user follows that guidance, the container would have elevated host privileges, increasing the blast radius of any malicious or vulnerable image.
