Skill v1.0.0

ClawScan security

teacher-prep · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Mar 11, 2026, 1:52 AM
Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary
The skill's description and runtime instructions claim it uses an external search service (Tavily) requiring an API key, but the published metadata does not declare that credential or other runtime requirements, so the package is internally inconsistent and needs clarification before trusting it.
Guidance
Before installing: ask the publisher for the Tavily service endpoint and a clear privacy policy (what data is sent to Tavily and how long it is retained). Confirm that TAVILY_API_KEY is the only credential needed and why it was omitted from the published metadata. Verify the included Python scripts (they appear benign and only generate local .pptx/.docx files) and ensure your environment has python-pptx and python-docx installed from trusted sources. If you will provide any student-identifying data to the tool, confirm the external service's data handling/privacy. If the publisher cannot provide a repo/homepage or explain the missing env declaration, treat this as untrusted and do not supply API keys or sensitive data.

Review Dimensions

Purpose & Capability
concern: SKILL.md says the agent must call a third-party search tool (Tavily) and explicitly mentions a TAVILY_API_KEY; the registry metadata lists no required env vars or credentials. That mismatch is unexpected: a search-backed content-assembly skill legitimately needs an API key, but the metadata does not declare it.
Instruction Scope
note: The runtime instructions are narrowly scoped to: detect lesson type, query Tavily for texts/metadata, generate a markdown file, a PPTX and a DOCX. The instructions do not ask the agent to read unrelated system files or other credentials. However, they direct network/search queries to an external service (Tavily), which is a material runtime action and depends on an API key and service endpoint that are not fully documented here.
Install Mechanism
note: No install spec (instruction-only), so lower disk/install risk. Two Python scripts are included that use python-pptx and python-docx; SKILL.md lists those Python libraries, but there is no declared install step to ensure those dependencies are present. This is likely sloppy packaging rather than malicious, but it reduces transparency.
Credentials
concern: SKILL.md states Tavily is required and names TAVILY_API_KEY, but the skill metadata lists no required env vars or primary credential. Requiring an external API key is proportionate to the stated purpose, but the omission from metadata is an inconsistency that could hide where keys are used or transmitted.
Persistence & Privilege
ok: The skill is not marked always:true and does not request system-wide config paths or elevated persistence. Autonomous invocation is allowed (the platform default) but is not combined with other high privileges.