Back to skill
Skillv1.0.1
ClawScan security
dify-code-interpreter · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
SuspiciousMar 9, 2026, 6:23 AM
- Verdict
- suspicious
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- The skill’s purpose (explain code via a Dify chatflow) is plausible, but the SKILL.md requires an API endpoint/key and other runtime params that are not declared in the registry metadata and even contains a hard-coded-looking API key — this mismatch and the potential to send code to an external service are concerning.
- Guidance
- Before installing, verify and correct the manifest: the SKILL.md requires a Dify base URL, chatflow name, and API key but the registry metadata declares none. Ask the publisher to (1) remove or replace any hard-coded API key/example that looks real and confirm whether it is active, (2) declare required credentials in the skill manifest so you can review them, and (3) confirm whether code snippets are sent to an external service or only processed locally. Treat code as potentially sensitive — do not use this skill with private/proprietary code until you confirm the endpoint is trusted and the API key is yours (or rotate it if it was leaked). If you cannot get clear answers, consider avoiding installation or running it only in an isolated environment with a disposable key and a local Dify/Ollama instance.
Review Dimensions
- Purpose & Capability
- concernThe SKILL.md documents required configuration parameters (dify_base_url, api_key, chatflow_name) and runtime dependencies (Python, requests). The registry metadata claims no required env vars, no credentials, and no install steps. That mismatch means the manifest does not truthfully describe what the skill needs to operate.
- Instruction Scope
- concernThe instructions say the skill sends code to a Dify chatflow (and references Ollama/qwen3 and a private knowledge base). Sending arbitrary code snippets to an external service may leak sensitive code or secrets. The SKILL.md does not explicitly constrain what inputs are safe to send or instruct the agent to avoid including secrets in submitted code.
- Install Mechanism
- noteThere is no install spec (instruction-only), which limits on-disk changes. However, the SKILL.md lists runtime requirements (Python 3.8+, requests>=2.31.0) but provides no official install instructions — that disconnect is a documentation/packaging inconsistency to be resolved.
- Credentials
- concernThe SKILL.md requires an API key and base URL for Dify (sensitive credentials), yet the registry metadata lists no required env vars or primary credential. Additionally, the SKILL.md includes a default/example API key-like value (app-pYPzaw...), which is suspicious and could indicate accidental leakage of a real key or careless documentation.
- Persistence & Privilege
- okThe skill is not marked always:true and is user-invocable only; it does not request persistent platform-wide privileges in the manifest.