Skill v1.0.2
ClawScan security
Taobao/JD/Pinduoduo discount lookup and product price comparison · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Review: Apr 17, 2026, 5:57 AM
- Verdict: Review
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's functionality matches its description, but it relies on an undocumented third-party API (http://op.squirrel2.cn) that will receive users' full inputs/links, and the skill reads environment variables not declared in the registry metadata — this raises data-exfiltration and transparency concerns.
- Guidance: This skill implements the advertised features but performs its work by POSTing your inputs to an external API at http://op.squirrel2.cn. Before installing or using it, consider:
  - Do you trust that external host? The skill will send any pasted share content, links, or search keywords to that server. Avoid sending personal or sensitive data (passwords, account numbers, payment info) through the skill.
  - If you don't trust the default backend, you can override API_BASE_URL in the skill's config or environment to point to a self-hosted or otherwise controlled service — the code supports API_BASE_URL via an environment variable, but the registry does not declare it. Changing API_BASE_URL requires technical steps (editing config.py or setting an env var).
  - The package requires the Python requests library, but the registry metadata doesn't list dependencies; ensure your runtime has requests installed.

  If you need stronger assurance, ask the skill author to: (1) provide a trustworthy, documented backend or allow local processing without an external server; (2) declare environment variables and dependencies in the registry metadata; and (3) explicitly state privacy and data-handling policies for the backend. If you cannot verify the backend, treat this skill as potentially exfiltrating the text you send to it.
Review Dimensions
- Purpose & Capability (ok): Name/description (price comparison, token/link parsing, link conversion) align with the code, formatters, and SKILL.md. The code implements search/convert/parse/compare and formatting consistent with the stated purpose.
- Instruction Scope (concern): SKILL.md clearly instructs the agent to return the output of handle_message() verbatim. The skill's runtime instructions and code call a remote API to perform core functions (/parse_share, /search, /convert, /compare). That means user messages (share content, links, search queries) are sent to an external server. The SKILL.md does not warn users that their inputs will be transmitted to that third party.
- Install Mechanism (note): No install spec in the registry (lowest risk), but the package contains Python code that uses the requests library. The README suggests pip install requests, but the skill metadata doesn't declare dependencies. This mismatch could lead to runtime failures but is not inherently malicious.
- Credentials (concern): Registry metadata lists no required env vars or credentials, but config.py reads API_BASE_URL and API_TIMEOUT from environment variables (with defaults). That allows behavior to be altered via environment variables and enables the skill to be redirected to an arbitrary backend. The default backend (http://op.squirrel2.cn) is an external third-party host; sending user inputs there can expose potentially sensitive data (shared tokens, URLs, or other user content).
- Persistence & Privilege (ok): The skill does not request elevated privileges or permanent inclusion (always: false). It does not modify other skills or system-wide configs. No concerning persistence behavior is present.
