Skillv0.1.1

ClawScan security

Listenhub · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousMar 1, 2026, 2:49 AM

Verdict: suspicious
Confidence: high
Model: gpt-5-mini
Summary: The skill's scripts and runtime behavior broadly match the described podcast/AV generation purpose, but the package metadata omits key requirements (an API key and home-shell config access) and the scripts can modify your shell config and auto-install packages — review before enabling.
Guidance: This skill contains a full set of scripts that call ListenHub/Marswave APIs and require an API key. Before installing or running: 1) Do not assume the registry metadata lists everything — the scripts require LISTENHUB_API_KEY and will read/write your shell rc files (~/.zshrc, ~/.bashrc, etc.). 2) Inspect the scripts yourself (lib.sh, generate-image.sh) and confirm you’re comfortable with them writing an export line to your shell rc and auto-invoking package managers. 3) If you prefer safer setup, manually create and export LISTENHUB_API_KEY in your environment and set LISTENHUB_OUTPUT_DIR, then avoid running any interactive setup flows that modify files. 4) Run the scripts in a sandbox or dedicated environment (or review and remove the auto-install/write-to-rc behavior) if you want to limit persistent changes. 5) Only provide non-sensitive input/URLs to the backend as the SKILL.md warns; the backend will fetch URLs you pass. If you need the metadata fixed (so required env vars and config paths are declared), ask the publisher to update the package before enabling it broadly.

Review Dimensions

Purpose & Capability: concernThe skill claims to require no environment variables or config paths in the registry metadata, but the shipped scripts and SKILL.md clearly require LISTENHUB_API_KEY and read/write the user's shell rc (~/.zshrc, ~/.bashrc, ~/.profile). That omission is an incoherence: a networked API client should declare its credential requirements and any config-file access.
Instruction Scope: noteSKILL.md enforces that the agent only invoke the provided ./scripts/*.sh files. The scripts implement network calls to api.marswave.ai (and an image endpoint api.labnana.com), validate inputs, poll status, and accept user-provided URLs (which backend fetches). The scripts also read the user's shell rc files to locate API keys and (in generate-image.sh) interactively prompt for and write the API key and output path into shell rc — behavior the SKILL.md does not declare as 'required config paths'.
Install Mechanism: noteThere is no registry install spec, but the scripts themselves attempt to detect and auto-install missing dependencies (jq, curl) using platform package managers (brew/apt/yum/dnf/pacman/choco/scoop), potentially invoking sudo or requiring elevated privileges. The only external downloads are API calls and a non-blocking version lookup from raw.githubusercontent.com. Auto-install behaviour is convenient but can be intrusive; it should be documented in registry metadata.
Credentials: concernScripts require LISTENHUB_API_KEY (and optionally LISTENHUB_OUTPUT_DIR) but the registry metadata lists no required env vars or primary credential. The scripts will attempt to extract API keys from ~/.zshrc, ~/.bashrc, ~/.bash_profile, and ~/.profile and may write an export into that file. Requesting and persisting a single API key is reasonable for this purpose, but failing to declare it in metadata and silently scanning/writing shell rc files is disproportionate.
Persistence & Privilege: concernThe skill is not always-enabled, and it does not request platform-wide privileges in metadata. However, scripts can modify the user's shell rc to save LISTENHUB_API_KEY and LISTENHUB_OUTPUT_DIR, and they perform an auto-install path that may call sudo package managers. Those are persistent changes to the user's environment and should be explicitly declared and consented to.