Skillv1.0.0

ClawScan security

My Skill · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousApr 29, 2026, 7:04 AM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary: The skill's instructions claim it requires an API key (MY_API_KEY) to interact with https://api.example.com, but the registry metadata omits that requirement and provides no source/homepage — this mismatch and lack of provenance are concerning.
Guidance: The SKILL.md itself is plausible and mostly coherent with the claimed purpose, but the registry metadata omits the required MY_API_KEY and there is no source or homepage listed. Before installing: 1) Ask the publisher to correct the registry metadata to declare MY_API_KEY (and provide a primary credential entry) and to publish source/homepage for review. 2) Request specifics: how the key is validated, how the confirm flow is implemented, and whether requests ever go to endpoints other than api.example.com. 3) If you must test, use a limited-scope, rotateable API key in an isolated/sandbox environment. 4) Prefer not to expose widely-scoped or production credentials until you can review the skill's source or obtain stronger provenance. Because there is no code to inspect and the manifest mismatch could be an oversight or a sign of sloppy/malicious packaging, treat this as suspicious until the developer provides clarifying information.

Review Dimensions

Purpose & Capability: noteThe SKILL.md describes exactly the stated purpose (interacting with https://api.example.com and performing data-changing operations) and includes sensible safety rules (confirmations for destructive actions, no hard-coded keys). However the registry metadata lists no required environment variables or primary credential while the instructions explicitly require MY_API_KEY. That metadata omission is an inconsistency.
Instruction Scope: okThe runtime instructions stay within the declared purpose: parse intent, verify MY_API_KEY, require explicit confirmation for state-changing actions, POST to https://api.example.com/action, handle retries and errors. The skill does not instruct reading unrelated files or sending data to other endpoints. Some operational details are vague (how to validate the key, what the Confirm Function concretely does), which reduces transparency but is not malicious by itself.
Install Mechanism: okThis is an instruction-only skill with no install spec and no code files — lowest install risk. There is nothing being downloaded or written to disk by the skill package itself.
Credentials: concernThe SKILL.md requires a secret (MY_API_KEY) which is proportionate to the described API interactions. However, the skill registry metadata does not declare any required env vars or a primary credential, creating an inconsistency: the skill will need access to a secret at runtime but the manifest doesn’t advertise that, and the skill has no listed source/homepage. The agent executing this skill will read an environment secret, so you should confirm provenance and restrict the key's scope before providing it.
Persistence & Privilege: okalways is false and the skill is user-invocable. It doesn't request persistent system-level presence or modify other skills' configs according to the provided files. Autonomous invocation is allowed but is the platform default; this alone is not a red flag.