ZhenInsure 真机保险 | Insurance Broker

Security checks across static analysis, malware telemetry, and agentic risk

Overview

The skill is a coherent ZhenInsure insurance-chat proxy, but it handles API keys and billable calls, and it includes an undocumented base-URL override that could send the key and consultation content to a host other than the documented service.

Before installing, confirm that you trust ZhenInsure and your local configuration. Use an API key with a limited balance or spending cap, check that ZHENINSURE_BASE_URL is unset or points only at the expected ZhenInsure host, and remember that each message call costs money and may transmit sensitive insurance, health, or financial details.

Static analysis

Env credential access

Critical
Finding
The code reads a credential from an environment variable and includes it in an outbound network request.

Exposed secret literal

Critical
Finding
File appears to expose a hardcoded API secret or token.

VirusTotal

VirusTotal findings are pending for this skill version.


Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If the base URL is set unexpectedly, the user's API key and insurance consultation content could be sent to a different server.

Why it was flagged

The code sends the user's ZhenInsure bearer API key to whatever base URL the config or environment supplies, whereas the user-facing documentation describes forwarding only to the fixed ZhenInsure domain.

Skill content
const baseUrl = normBase(context?.config?.ZHENINSURE_BASE_URL ?? context?.env?.ZHENINSURE_BASE_URL ?? process.env.ZHENINSURE_BASE_URL); ... Authorization: `Bearer ${apiKey}`
Recommendation

Only install or run this skill with a trusted configuration, and remove any unexpected ZHENINSURE_BASE_URL value. The publisher should either remove the override or document it and restrict it to trusted ZhenInsure domains.
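The following check is an added example and is not the skill's own code: it keeps the skill's lookup order for ZHENINSURE_BASE_URL (config, then context env, then process env) but validates the resolved URL against a host allowlist before the bearer key is attached. The allowlisted host api.zheninsure.example and the default base URL are assumed placeholders, since this page does not name the documented ZhenInsure domain; substitute the real one.

```javascript
// Added example, not code from the ZhenInsure skill: resolve ZHENINSURE_BASE_URL
// with the same precedence the flagged snippet uses, but validate the destination
// before the bearer key is attached. TRUSTED_HOSTS and DEFAULT_BASE_URL are
// ASSUMED placeholders; the page does not name the documented ZhenInsure domain.
const TRUSTED_HOSTS = new Set(["api.zheninsure.example"]);
const DEFAULT_BASE_URL = "https://api.zheninsure.example";

// Same lookup order as the skill: context.config, then context.env, then the
// process environment, falling back to the documented default.
function pickBaseUrl(context, env) {
  return context?.config?.ZHENINSURE_BASE_URL
    ?? context?.env?.ZHENINSURE_BASE_URL
    ?? env.ZHENINSURE_BASE_URL
    ?? DEFAULT_BASE_URL;
}

// Hardened replacement for an unchecked normBase(): parse the value, require
// https, require an allowlisted hostname, reject embedded credentials, and
// return origin plus path with any trailing slash removed.
function resolveTrustedBase(context, env = process.env) {
  const raw = pickBaseUrl(context, env);
  let url;
  try {
    url = new URL(raw);
  } catch {
    throw new Error(`ZHENINSURE_BASE_URL is not a valid URL: ${raw}`);
  }
  if (url.protocol !== "https:") {
    throw new Error(`ZHENINSURE_BASE_URL must use https, got ${url.protocol}`);
  }
  // Exact hostname match: defeats lookalike subdomains and user@host tricks,
  // because both end up with a hostname that is not in the set.
  if (!TRUSTED_HOSTS.has(url.hostname)) {
    throw new Error(`ZHENINSURE_BASE_URL host is not trusted: ${url.hostname}`);
  }
  if (url.username || url.password) {
    throw new Error("ZHENINSURE_BASE_URL must not embed credentials");
  }
  return url.origin + url.pathname.replace(/\/+$/, "");
}

// The Authorization header is built only after the destination passed the
// checks above, so the key is never attached to a request for another host.
function buildMessageRequest(context, apiKey, env = process.env) {
  const base = resolveTrustedBase(context, env);
  return {
    url: `${base}/api/v1/skill/chat/messages`,
    method: "POST",
    headers: {
      Authorization: `Bearer ${apiKey}`,
      "Content-Type": "application/json",
    },
  };
}

// Demonstration against constructed inputs; no network request is made.
for (const value of [
  "https://api.zheninsure.example/",
  "http://api.zheninsure.example",
  "https://api.zheninsure.example@evil.example/collect",
  "https://evil.example/collect",
]) {
  try {
    console.log(value, "->", resolveTrustedBase({ config: { ZHENINSURE_BASE_URL: value } }, {}));
  } catch (err) {
    console.log(value, "-> rejected:", err.message);
  }
}
```

With this in place an unexpected ZHENINSURE_BASE_URL in process.env or in the skill's config fails closed before any request is built, instead of quietly redirecting the key and the consultation content.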

What this means

Repeated message calls can spend the balance associated with the configured API key.

Why it was flagged

The skill discloses that message calls are billable and exposes the proxy action that triggers those calls.

Skill content
| `/api/v1/skill/chat/messages` | POST | ¥0.15 per call |
Recommendation

Use a key with an appropriate balance or spending limit, and have the agent confirm with you before each billable call.

What this means

Insurance questions and related personal details entered into the skill are transmitted to the ZhenInsure service.

Why it was flagged

The skill is an explicit pass-through to an external insurance consultation service, so user messages, which may contain personal, health, or financial details, are sent to that provider.

Skill content
Parameters are passed through unchanged and responses are returned unchanged ... ZhenInsure AI insurance consultation service
Recommendation

Avoid sharing unnecessary sensitive information and review the provider's privacy and data-retention terms before use.

What this means

This is not evidence of malicious runtime behavior, but it muddies the package's provenance: the lockfile does not describe a reproducible install of the shipped package on its own.

Why it was flagged

The lockfile references a local dependency outside the package directory, even though package.json declares no dependencies and the docs claim zero dependencies.

Skill content
"@zheninsure/core": "file:../shared-zheninsure-core"
Recommendation

The publisher should regenerate the lockfile from the shipped package, or include or document any required local dependency.
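The audit below is an added example, not ClawScan's or the skill's code: it reads an npm package-lock.json in the lockfileVersion 2/3 layout and flags dependencies the lockfile pins but package.json never declares, plus entries that resolve to a symlink, a path outside the package tree, or anything other than a registry tarball with an integrity hash. The two JSON documents are constructed samples modelled on the flagged `file:../shared-zheninsure-core` line, not the skill's real files, and the registry pattern assumes the public npm registry.

```javascript
// Added example, not code from the ZhenInsure skill or ClawScan: a pre-install
// audit of package.json against package-lock.json (lockfileVersion 2/3 layout).
// SAMPLE_PACKAGE_JSON and SAMPLE_LOCKFILE are CONSTRUCTED, modelled on the
// flagged lockfile line; they are not the skill's shipped files.
const SAMPLE_PACKAGE_JSON = {
  name: "zheninsure-skill",
  version: "1.0.0",
  // no dependencies declared, matching the "zero dependencies" claim
};

const SAMPLE_LOCKFILE = {
  name: "zheninsure-skill",
  version: "1.0.0",
  lockfileVersion: 3,
  packages: {
    "": {
      name: "zheninsure-skill",
      version: "1.0.0",
      dependencies: { "@zheninsure/core": "file:../shared-zheninsure-core" },
    },
    "node_modules/@zheninsure/core": {
      resolved: "../shared-zheninsure-core",
      link: true,
    },
    "../shared-zheninsure-core": { name: "@zheninsure/core", version: "0.1.0" },
  },
};

// ASSUMED: the public registry. Point this at a private registry if that is
// what the package is expected to install from.
const REGISTRY = /^https:\/\/registry\.npmjs\.org\//;
// Dependency specifiers that bypass the registry entirely.
const NON_REGISTRY_SPEC = /^(file:|link:|git\+|git:|github:|https?:)/;

function depsOf(obj) {
  return {
    ...(obj.dependencies || {}),
    ...(obj.devDependencies || {}),
    ...(obj.optionalDependencies || {}),
  };
}

// Classify one lockfile package entry; null means a normal registry install
// pinned by a tarball URL and an integrity hash.
function classifyEntry(path, entry) {
  if (path.startsWith("../") || path.startsWith("/")) return "outside-package-tree";
  if (entry.link) return "symlink";
  if (!entry.resolved) return "unresolved";
  if (!REGISTRY.test(entry.resolved)) return "non-registry";
  if (!entry.integrity) return "no-integrity";
  return null;
}

// Returns a list of {name, kind, detail} findings; an empty list means the
// lockfile only pins declared dependencies from the registry.
function auditLockfile(pkg, lock) {
  const findings = [];
  const declared = new Set(Object.keys(depsOf(pkg)));
  const root = (lock.packages && lock.packages[""]) || {};
  for (const [name, spec] of Object.entries(depsOf(root))) {
    if (!declared.has(name)) findings.push({ name, kind: "undeclared", detail: spec });
    if (NON_REGISTRY_SPEC.test(spec) && !REGISTRY.test(spec)) {
      findings.push({ name, kind: "non-registry-spec", detail: spec });
    }
  }
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    if (path === "") continue;
    const kind = classifyEntry(path, entry);
    if (kind) findings.push({ name: entry.name || path, kind, detail: entry.resolved || path });
  }
  return findings;
}

for (const f of auditLockfile(SAMPLE_PACKAGE_JSON, SAMPLE_LOCKFILE)) {
  console.log(`${f.kind}: ${f.name} (${f.detail})`);
}
```

On the constructed sample this reports the undeclared `@zheninsure/core` pin, its `file:` specifier, the symlinked `node_modules` entry, and the `../shared-zheninsure-core` path outside the package tree, which is exactly the provenance gap the finding describes; a lockfile regenerated from the shipped package alone produces no findings.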