Skill v1.0.0

ClawScan security

clawbox-link-to-docs · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Feb 28, 2026, 9:30 AM
Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary
The skill's instructions claim to create Feishu documents from a URL, but the package declares no authentication, connectors, or required tooling; it is unclear how the skill will access Feishu or perform browser-based extraction.
Guidance
This skill says it will fetch an article and create two Feishu docs, but it does not declare how it will authenticate to Feishu or what tooling it will use to extract content. Before installing or enabling it:
(1) Verify how your agent/runtime will provide Feishu access: is there a platform connector, or will you need to supply a Feishu API token? If a token is required, confirm what scopes are needed and limit them to only create/update docs.
(2) Ask the skill author (or your platform) for details on the extraction method: does it use a headless browser, an external scraping service, or simple HTML parsing? Understand any network endpoints involved.
(3) Test the skill only with non-sensitive public URLs first, and review the created docs and logs.
(4) If you cannot confirm where Feishu credentials come from, treat the skill as untrusted until the auth path is documented or the required env vars are declared.
Findings
[no_code_files] expected: The scanner found no code files (skill is instruction-only). This is common for skills that rely on the agent runtime and external connectors, but absence of code does not guarantee safety or clarify how external services (Feishu, browser) will be accessed.

Review Dimensions

Purpose & Capability
concern: The skill's stated purpose is to create two Feishu docs from a web link, but the package declares no Feishu credential, API endpoint, or connector. Creating/updating Feishu documents normally requires a token or platform connector; the absence of any declared auth/credentials is incoherent with the claimed capability.
Instruction Scope
note: SKILL.md instructs the agent to fetch web content, use alternative extraction paths (including a browser or manual capture), preserve original language/structure, and write/read back docs. These steps are scoped to the stated purpose, but are vague about how extraction and browser capture should be performed and about where auth for Feishu comes from. The instructions do not direct the agent to read unrelated local files or to exfiltrate data to third parties.
Install Mechanism
ok: There is no install spec (instruction-only), which minimizes on-disk risk. However, because extraction may require a headless browser or other tooling, the skill's lack of install instructions leaves a capability gap (not a direct install risk).
Credentials
concern: No environment variables, tokens, or config paths are declared even though the skill clearly needs Feishu access and possibly browser tooling. Either the platform provides a Feishu connector implicitly (not documented here) or the skill omits required credentials; this mismatch is a proportionality and transparency concern.
Persistence & Privilege
ok: The skill does not request always:true and does not declare persistent system changes. It appears not to request elevated or persistent privileges in its metadata.