Skill v1.0.0
ClawScan security
火一五 Knowledge Base Skill (Karpathy) · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Apr 24, 2026, 2:44 AM
- Verdict: suspicious
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's description says it will write knowledge files and sync them to a company Odoo knowledge base, but the runtime instructions never explain how Odoo authentication/configuration happens (no required env vars or config paths), so the integration is under-specified and incoherent.
- Guidance: This skill appears to be an internal KB authoring + Odoo sync helper, but it omits how Odoo access is performed. Before installing, ask the publisher these questions: (1) Where does the 'odoo_knowledge_create' tool come from and how is it installed? (2) How does the skill authenticate to Odoo: what environment variables or secret/token storage are required? (3) Is there a network endpoint (Odoo URL), and will data be sent outside your environment? (4) Can you review the actual implementation (source code) or a signed package so you can confirm there is no hidden data exfiltration? If you must try it, run the skill in a restricted/sandboxed environment, do not provide real Odoo credentials until you inspect the code, and limit the agent's ability to run autonomously until these gaps are resolved.
Review Dimensions
- Purpose & Capability (concern): The skill claims to sync knowledge into a company Odoo knowledge base, which normally requires an Odoo URL, database name, and credentials (or API token). The metadata lists no required environment variables or config paths and provides no homepage or source code, so there is no justified mechanism for authenticating to or reaching Odoo. This is disproportionate to the stated purpose and therefore incoherent.
- Instruction Scope (note): SKILL.md is mostly scoped to generating files under memory/knowledge/, de-duplicating (grep), extracting entities, tagging, and then calling an external helper 'odoo_knowledge_create' to write to Odoo. It does not instruct reading unrelated system files or exfiltrating data, but it references an external tool without explaining where that tool comes from, how it authenticates, or what data is transmitted. The instructions give broad discretion for merging/updating existing topics (e.g., merge vs. new), which could modify many knowledge files if misused.
- Install Mechanism (ok): This is an instruction-only skill with no install spec and no code files, which minimizes install-time risk. The declared dependency is python-docx in the SKILL.md header, but no installer or guidance is provided, so the agent may fail if python-docx isn't present; there is no arbitrary download or archive extraction in the manifest.
- Credentials (concern): No environment variables or primary credential are declared despite explicit instructions to sync content to Odoo. Typical Odoo integration requires credentials or a connection endpoint; the absence of any declared env vars (e.g., ODOO_URL, ODOO_DB, ODOO_USER, ODOO_PASSWORD/API_TOKEN) is a clear mismatch and makes the skill's external-network behavior ambiguous.
- Persistence & Privilege (ok): The skill does not request always:true and is user-invocable only. It does not declare any system-wide config changes. Autonomous invocation is allowed by default (disable-model-invocation is false), which is normal; this is not combined with other high-risk flags.
