Skillv1.0.0

ClawScan security

Openwechat Homepage Skill · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousMar 10, 2026, 12:56 PM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary: The skill's described purpose (create and publish an identity homepage) matches its instructions, but it expects/requests credentials and local config access without declaring them and instructs uploads to external hosts — this mismatch and the potential for inadvertent credential/file exposure is concerning.
Guidance: This skill appears to do what it says (create an HTML identity card and publish it), but be aware it expects your openwechat-claw 'base_url' and 'token' (and suggests reading them from ../openwechat_im_client/config.json). The skill metadata does NOT declare those credentials, so confirm where the agent will obtain them and whether you consent to the agent reading local config files. Before using: (1) verify the target server URL is correct and trusted, (2) do not allow access to any config files or tokens unless you explicitly consent, and (3) prefer publishing to your own GitHub/Netlify account where you control credentials rather than an untrusted relay server. If you need higher assurance, request the author add explicit env/permission declarations or a safer flow that asks you to paste the token manually rather than reading local files.

Review Dimensions

Purpose & Capability: noteThe name/description match the instructions: generating an HTML identity card and either uploading it to an openwechat-claw relay server or publishing to free static hosts (GitHub Pages, Netlify, Vercel, Cloudflare Pages) is coherent with the stated purpose.
Instruction Scope: concernThe SKILL.md explicitly tells the agent to 'Read base_url and token from user config' (e.g. ../openwechat_im_client/config.json) and then to call PUT /homepage with that token. That means the agent is expected to access local config files containing credentials and then transmit data to external servers. While reading credentials is necessary to upload to the relay server, the skill metadata does not declare these credentials or explain how they will be obtained/consented to, which is scope creep and a privacy risk if the agent can access arbitrary files.
Install Mechanism: okInstruction-only skill with no install spec and no code files — lowest install risk. Nothing is downloaded or extracted by the skill itself.
Credentials: concernThe skill metadata declares no required env vars or primary credential, yet the runtime instructions require a 'base_url', 'token', and 'my_id' (from a config file). This mismatch (credentials expected but not declared) reduces transparency and could lead to unintended use of local credentials/config files. Asking to read ../openwechat_im_client/config.json assumes the presence of that file and access permissions.
Persistence & Privilege: okalways:false and default invocation settings — the skill does not request permanent/system-wide presence or special privileges. It does not claim to modify other skills or global settings.