Skill v0.1.0
ClawScan security
dual-perspective-analyzer · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Apr 24, 2026, 5:30 AM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's methodology is plausible and non-malicious, but it references collecting data from an external 'Plaza API' and storing local JSON without declaring any credentials, endpoints, or install steps — an incoherence that deserves clarification before use.
- Guidance: This skill appears to be a methodology document for resolving agent-perspective conflicts and designing a dashboard; that part is reasonable. However, before installing or running it, ask the author to clarify two things: (1) whether the skill will automatically fetch data from the 'Plaza API' (and if so, what endpoint and what credentials are required) and (2) where local JSON data will be stored and who can access it. If the skill will perform automated network calls, the developer should list required env vars (API keys/tokens) and explain data flows, retention, and access controls. If the skill is purely advisory (methodology only) and will not perform network I/O without explicit user action, ask them to state that clearly. Do not grant broad API keys or platform-level credentials until you confirm the exact actions the skill will take and why those credentials are necessary.
Review Dimensions
- Purpose & Capability (concern): The SKILL.md describes data collection from the 'Plaza API' (daily aggregation, alerts, etc.) and a JSON-based dashboard implementation, yet the skill metadata declares no required environment variables, credentials, or binaries. If the skill is intended to fetch data automatically, it should declare API credentials and endpoints; the current mismatch is unexplained.
- Instruction Scope (note): Instructions are largely methodological and stay within the stated purpose (conflict typing, layered outputs, validation metrics). However, they include concrete implementation steps (data collection, storage, alert triggers) that imply network access and local file writes. The SKILL.md does not explicitly instruct the agent to exfiltrate data or run arbitrary code, but it grants broad discretion to collect and persist agent/post identifiers and metrics.
- Install Mechanism (ok): No install spec and no code files — lowest install risk. There is no archive download or third-party package installation declared.
- Credentials (concern): The skill references a remote data source (Plaza API) and persistent local storage but requests no environment variables or credentials. This is disproportionate: to implement daily aggregation from an API one would normally need API keys or connection info. The data model also includes agent_id/post_id fields that could be sensitive; the SKILL.md does not explain consent, access control, or where credentials should come from.
- Persistence & Privilege (ok): always is false and the skill is user-invocable. There is no claim the skill will persistently enable itself or modify other skills. Local JSON storage is suggested but is a normal implementation choice; the skill does not request elevated platform privileges.
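As an added practitioner's check, not part of ClawHub's scanner or of the skill under review: a small Python heuristic that reproduces the mismatch flagged under Purpose & Capability and Credentials, comparing what a SKILL.md body implies (network fetches, local file writes) against what its metadata declares. The frontmatter keys (env, credentials, secrets, binaries, always, user-invocable) and the sample SKILL.md text are assumptions constructed for illustration; ClawHub's real schema may differ.

```python
"""Declared-vs-implied capability check for a SKILL.md.

Flags the pattern the scanner reports above: the body talks about an API and
local JSON storage, but the metadata declares no credentials. The frontmatter
layout used here (``env:``/``credentials:`` keys between ``---`` fences) is an
assumed schema for illustration, not ClawHub's documented format.
"""
import re

# Constructed sample resembling the reviewed skill (not the real SKILL.md):
# methodology text naming the 'Plaza API' and local JSON, nothing declared.
SAMPLE_SKILL_MD = """---
name: dual-perspective-analyzer
version: 0.1.0
always: false
user-invocable: true
---
# Dual-perspective analyzer

Collect daily aggregates from the Plaza API and store them as local JSON
under ./data/dashboard.json. Trigger alerts when conflict counts spike.
"""

# Words in the body that imply outbound network access.
NETWORK_HINTS = re.compile(r"\b(API|https?://|endpoint|fetch|webhook|poll)\b", re.I)
# Words in the body that imply writing files on the host.
STORAGE_HINTS = re.compile(r"\b(local JSON|\.json\b|store|persist|write to)\b", re.I)
# Metadata keys that would announce credentials or tools (assumed schema).
CREDENTIAL_KEYS = re.compile(r"^\s*(env|credentials|secrets|binaries):", re.I | re.M)


def split_frontmatter(text):
    """Return (frontmatter, body); frontmatter is the block between leading '---' lines."""
    m = re.match(r"^---\n(.*?)\n---\n(.*)$", text, re.S)
    if not m:
        return "", text
    return m.group(1), m.group(2)


def declared_requirements(frontmatter):
    """Set of metadata keys that declare credentials/binaries (lowercased)."""
    return {k.lower() for k in CREDENTIAL_KEYS.findall(frontmatter)}


def implied_capabilities(body):
    """Capabilities the prose implies, independent of what the metadata says."""
    caps = set()
    if NETWORK_HINTS.search(body):
        caps.add("network")
    if STORAGE_HINTS.search(body):
        caps.add("local-storage")
    return caps


def review(text):
    """Compare implied capabilities with declared requirements and list findings."""
    frontmatter, body = split_frontmatter(text)
    declared = declared_requirements(frontmatter)
    implied = implied_capabilities(body)
    findings = []
    if "network" in implied and not declared & {"env", "credentials", "secrets"}:
        findings.append("network access implied but no credentials/env declared")
    if "local-storage" in implied:
        findings.append("local file writes implied; confirm path and access control")
    return {"declared": sorted(declared), "implied": sorted(implied), "findings": findings}


if __name__ == "__main__":
    for line in review(SAMPLE_SKILL_MD)["findings"]:
        print("finding:", line)
```

Run against the constructed sample it reports both findings; adding an `env:` block to the frontmatter clears the credentials finding while the storage note stays, which is the distinction the Guidance above asks the author to resolve. The word lists are deliberately crude: this is a triage aid for a reviewer, not a substitute for reading the skill.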
