Skill v1.0.1

ClawScan security

AI开发者发布助手 (AI Developer Publishing Assistant) · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Apr 17, 2026, 9:06 PM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill's stated workflow (search → image gen → WeChat article) matches its name, but its instructions reference external services and automated publishing while not declaring the credentials or config paths those actions require — this mismatch is concerning and should be clarified before use.
Guidance
This skill appears to do what it advertises (research, image generation, article generation), but it omits critical operational details. Before installing it or providing credentials:
1) Ask the author to explicitly list the required environment variables (Brave Search API key, Google/Gemini or vendor key for nano-banana-pro, WeChat AppID/secret or token, and any Feishu webhook/token) and to explain how each is used and stored.
2) Verify whether the WeChat automatic upload/publish step is opt-in and which exact endpoints it calls; do not supply full-account or high-privilege credentials without that confirmation.
3) Treat credentials conservatively: use limited-scope or test accounts and revocable tokens for initial testing.
4) Confirm that the skill only accesses public GitHub data (the README) and does not attempt to read local files or secrets from your environment.
5) If you need automated posting, test in a sandbox or WeChat test account and request an explicit privacy/data-handling statement from the maintainer.
If the author cannot clarify the missing credential/config requirements and endpoints, do not provide sensitive keys and treat the skill as suspicious.

Review Dimensions

Purpose & Capability
note: The skill's capabilities (competitor research, cover image generation, WeChat article creation) align with the name/description. Declared dependencies (brave-search, nano-banana-pro, wechat-article-pro) are plausible for the stated tasks. However, some described capabilities (automatic upload/publishing, notifications via Feishu) imply additional integrations that are not documented in the requirements.
Instruction Scope
concern: SKILL.md/workflow explicitly instructs the agent to fetch GitHub README info, call web search, generate images with Gemini 3 Pro, and auto-upload images and articles to a WeChat account. It also references DuckDuckGo search results and automatic upload/publish steps. Those runtime actions involve network calls and credentials, but the skill does not declare where or how those credentials are provided. The instructions also reference a notifications channel 'feishu' in workflow.json but provide no config for that channel.
Install Mechanism
ok: This is an instruction-only skill with no install spec and no code files to execute. That lowers installation risk; nothing is downloaded or written by an installer. The risk comes from the external services the instructions call, not from installation.
Credentials
concern: The README and SKILL.md mention the need for a Brave Search API key, a WeChat AppID (for publishing), and use of Gemini (nano-banana-pro), all of which ordinarily require credentials. Yet requires.env and the primary credential fields are empty. The skill also lists a Feishu notification channel but no token/config. Requiring networked publishing/search/image services without declaring the required secrets is a proportionality and transparency problem.
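
The mismatch described under Guidance and Credentials (instructions that name external services while requires.env declares nothing) is mechanical enough to check before installing. The script below is an added example, not ClawHub's scanner or any code from the skill: it scans the skill text for service mentions, compares them against the manifest's declared environment variables, and flags notification channels that have no configuration. The sample SKILL.md, workflow.json and manifest are constructed to mirror what the review describes, and the manifest field names (requires.env, always, user_invocable) plus the service-to-credential mapping are assumptions, not the real ClawHub schema.

```python
import json
import re

# Constructed sample inputs, modelled on the review: SKILL.md references search,
# image generation and WeChat publishing, workflow.json names a 'feishu' channel,
# and the manifest declares no environment variables. The manifest layout
# (requires.env, always, user_invocable) is an assumption about the schema.
SKILL_MD = """\
# AI developer publishing assistant
1. Fetch the target repository README from GitHub.
2. Run Brave Search and DuckDuckGo queries for competitor research.
3. Generate a cover image with nano-banana-pro (Gemini).
4. Upload the image and publish the article to the WeChat official account.
"""

WORKFLOW_JSON = json.dumps({
    "steps": ["research", "image", "article", "publish"],
    "notifications": {"channel": "feishu"},
})

MANIFEST = {
    "name": "ai-dev-publish-assistant",
    "requires": {"env": []},  # empty, as the scanner noted
    "always": False,
    "user_invocable": True,
}

# Reviewer heuristic: service mention pattern -> credential that service normally
# needs. This mapping is the example's own assumption, not a ClawHub rule.
SERVICE_CREDENTIALS = {
    "brave-search": (re.compile(r"\bbrave[ -]?search\b", re.I), "BRAVE_SEARCH_API_KEY"),
    "gemini": (re.compile(r"\b(gemini|nano-banana-pro)\b", re.I), "GEMINI_API_KEY"),
    "wechat": (re.compile(r"\bwechat\b", re.I), "WECHAT_APP_ID/WECHAT_APP_SECRET"),
    "feishu": (re.compile(r"\bfeishu\b", re.I), "FEISHU_WEBHOOK"),
}

PUBLISH_WORDS = re.compile(r"\b(upload|publish|post)\b", re.I)


def _declared_env(manifest):
    return {v.upper() for v in manifest.get("requires", {}).get("env", [])}


def referenced_services(*texts):
    """Service keys mentioned anywhere in the given texts."""
    joined = "\n".join(texts)
    return {key for key, (pattern, _) in SERVICE_CREDENTIALS.items() if pattern.search(joined)}


def undeclared_credentials(skill_md, workflow_json, manifest):
    """Services the instructions use whose credentials requires.env does not declare.

    A declared variable counts for a service if its name starts with the service
    prefix (e.g. WECHAT_APP_ID covers 'wechat').
    """
    declared = _declared_env(manifest)
    missing = {}
    for key in referenced_services(skill_md, workflow_json):
        prefix = key.upper().replace("-", "_")
        if not any(var.startswith(prefix) for var in declared):
            missing[key] = SERVICE_CREDENTIALS[key][1]
    return missing


def unconfigured_notification_channels(workflow_json, manifest):
    """Notification channels named in workflow.json with no matching declared credential."""
    channel = json.loads(workflow_json).get("notifications", {}).get("channel")
    if not channel:
        return []
    if any(var.startswith(channel.upper()) for var in _declared_env(manifest)):
        return []
    return [channel]


def assess(skill_md, workflow_json, manifest):
    """Combine the checks into a verdict on the scanner's own scale (ok/concern/suspicious)."""
    missing = undeclared_credentials(skill_md, workflow_json, manifest)
    channels = unconfigured_notification_channels(workflow_json, manifest)
    publishes = bool(PUBLISH_WORDS.search(skill_md))
    findings = []
    if missing:
        findings.append("undeclared credentials: "
                        + ", ".join(f"{k} ({v})" for k, v in sorted(missing.items())))
    if channels:
        findings.append("notification channel without config: " + ", ".join(channels))
    if publishes and missing:
        findings.append("automated publishing with undeclared credentials")
    if manifest.get("always"):
        findings.append("always=true widens the blast radius of any provided credentials")
    verdict = "suspicious" if (publishes and missing) else ("concern" if findings else "ok")
    return {"verdict": verdict, "findings": findings}


if __name__ == "__main__":
    result = assess(SKILL_MD, WORKFLOW_JSON, MANIFEST)
    print(result["verdict"])
    for finding in result["findings"]:
        print(" -", finding)
```

Run against the constructed inputs it reports "suspicious" with all four services undeclared and the feishu channel unconfigured; once the manifest declares BRAVE_SEARCH_API_KEY, GEMINI_API_KEY, WECHAT_APP_ID/WECHAT_APP_SECRET and FEISHU_WEBHOOK the same inputs assess as "ok". The publish-word match is deliberately coarse: the point is to surface a publishing step that would need an account credential, which a human then confirms against the actual endpoints.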
Persistence & Privilege
note: The 'always' flag is false and the skill is user-invocable (normal). The skill can be invoked autonomously per platform defaults; combined with the external publishing actions described, this increases the blast radius if credentials were provided implicitly, so confirm how and when the skill can post content.