Skillv1.0.0

ClawScan security

FMTWiki — 肠菌移植专业知识库 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousApr 14, 2026, 2:32 PM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary: The SKILL.md describes a maintenance workflow that requires filesystem writes, a Node/pnpm build environment, and a GLM API key, but the skill metadata declares no binaries, no config paths, and no required environment variables — these mismatches are suspicious and should be resolved before installing.
Guidance: This skill's runtime instructions expect you to (1) allow writes inside /workspace/projects/fmtwiki/ (it will modify src/data/*.ts), (2) have a Node/pnpm build environment to run 'pnpm run build', and (3) supply a MiniMax GLM API key via VITE_GLM_API_KEY. Before installing: verify the referenced GitHub repo and code, confirm you are comfortable giving the agent filesystem/build access, and only add the GLM API key if you trust minimaxi.com. Ask the publisher to update the skill metadata to explicitly declare required binaries (node, pnpm), required config paths (workspace path), and required environment variables (VITE_GLM_API_KEY). If you cannot verify these, run the skill in a sandboxed environment or decline to provide credentials or write permissions.

Review Dimensions

Purpose & Capability: concernThe skill claims to operate and maintain a deployed FMTWiki (updating src/data/*.ts, running scheduled trackers, rebuilding and deploying) which reasonably requires filesystem write access and build tools (node/pnpm). However the registry metadata lists no required binaries, no required config paths, and no required env vars. The SKILL.md also references an external deployment URL and a GitHub repo. The absence of declared runtime requirements is inconsistent with the described capabilities.
Instruction Scope: concernSKILL.md instructs the agent/operator to create a .env with VITE_GLM_API_KEY, run 'pnpm run build', write to /workspace/projects/fmtwiki/.../src/data/*.ts, and execute scripts/tracker.ts for scheduled tasks. Those are file-system modifications, network calls (PubMed verification and MiniMax API), and build commands outside the skill metadata. While these actions fit the maintenance purpose, the instructions grant the agent broad discretion to modify repo files and trigger builds — and the skill metadata does not document or warn about those behaviors.
Install Mechanism: noteThere is no install spec (instruction-only), which minimizes direct install-time risk. However the runtime steps require a Node/pnpm environment and will write build artifacts and data files into a workspace path. Because nothing is installed by the skill package itself, the risk shifts to the execution environment where the agent will run these commands; the skill should have declared required binaries and build expectations.
Credentials: concernThe SKILL.md explicitly asks operators to add VITE_GLM_API_KEY to a .env for MiniMax GLM access, but the skill metadata lists no required environment variables or primary credential. Requiring an API key to enable AI search is plausible for the described feature, but it should be declared in metadata. Also the deployment domain (pvphcoybalzc.space.minimaxi.com) and the MiniMax API URL should be reviewed to ensure they are expected/trusted endpoints before supplying keys.
Persistence & Privilege: notealways is false (good). The skill describes scheduled scripts (tracker.ts) in the repo, but there is no install step that registers cron jobs or persistent services — that means persistence depends on external CI/host configuration. Autonomous invocation (disable-model-invocation=false) is allowed by default; combined with the file-write instructions this increases the importance of confirming what the agent is permitted to modify.