Skill v0.1.10

ClawScan security

goverment bidding fetcher · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Apr 8, 2026, 3:04 AM
Verdict: suspicious
Confidence: high
Model: gpt-5-mini
Summary
The skill's code matches its stated purpose (scraping local government procurement sites), but the registry metadata omits the many FETCHER_* credentials/configs the code actually uses and the tool will persist bearer/cookie values to a local .env file — review before installing or supplying secrets.
Guidance
This skill's code generally matches its description (scraping Beijing and Hunan procurement sites and creating Excel reports). Before installing:
1) Understand that it needs site credentials for the Beijing source (a Bearer token and cookies); only provide these if you trust the source.
2) The tool will write session tokens into a .env file (the local .env or ~/.config/govb-fetcher/.env); treat those files as sensitive and remove or revoke the tokens after use if needed.
3) The registry omitted declaring these env vars, which is an inconsistency; ask the publisher or inspect the code yourself before supplying secrets.
4) Consider running the package in a sandbox or container, or on a throwaway account, and inspect pyproject.toml and the code paths if you plan to install it system-wide.
5) If you must use a proxy, ensure it is trusted: an attacker-controlled proxy could capture credentials and scraped data.

Review Dimensions

Purpose & Capability
note: The package code (fetcher.py + config.py) implements exactly the described behavior (fetch pages from Beijing and Hunan procurement sites, filter by keywords, build an Excel file). Requiring cookies and a Bearer token for the Beijing source is coherent with the stated purpose. However, the registry metadata claims no required env vars while SKILL.md and the code expect multiple FETCHER_* environment variables (credentials, keywords, proxy settings), which is an inconsistency.
Instruction Scope
note: Runtime instructions and code stay within the scraping/reporting scope: they call only the described vendor domains (zbcg-bjzc.zhongcy.com and ccgp-hunan.gov.cn), read .env/config files and environment variables, and produce an Excel file. One behavior to note: the code automatically writes the refreshed session token (FETCHER_BJZC_TBSESSION) back to the chosen .env file, which persists credentials to disk without additional confirmation.
Install Mechanism
note: No install spec is present in the registry, but the package contains a pyproject.toml and SKILL.md recommends 'pip install -e .'. Installation appears to be a normal local pip install of this Python package (dependencies: requests, openpyxl, python-dotenv). There are no external download URLs or scripts that fetch arbitrary third-party payloads in the manifest, which is lower risk, but the missing formal install entry in the registry is an inconsistency.
Credentials
concern: The code expects several sensitive environment variables (a Bearer token and multiple cookie/session values for the Beijing site) and will persist them to a local or global .env file. The registry declares no required env vars; this mismatch means users may inadvertently provide credentials without realizing it. Also, FETCHER_PROXY allows routing traffic through a user-provided proxy (legitimate for some users, but it could be abused if set to an attacker-controlled proxy).
Persistence & Privilege
ok: always:false, and the skill does not request system-wide privileges or modify other skills. It does persist its own configuration/credentials to either the current directory's .env or ~/.config/govb-fetcher/.env (expected for this tool), which is normal but worth noting for credential hygiene.