Skill v0.1.0

ClawScan security

Clawfeed · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Feb 25, 2026, 4:14 AM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill is mostly coherent for a self-hosted Node.js news-digest app, but a few gaps (SKILL.md does not say how Twitter ingestion is implemented, and the instructions run npm install, which pulls third-party packages including a native addon) and the absence of packaged code warrant caution before installing or running it.
Guidance
This is an instruction-only Node.js project, not a packaged binary. Before installing or running it:
1. Inspect the project's package.json and package-lock.json (or yarn.lock) to see exact dependency names, versions and sources.
2. Verify how Twitter feeds are obtained (look for a Twitter API client or scraping code); if the project relies on the Twitter API, expect additional credentials.
3. Run npm install and the service inside an isolated environment (container or VM), because npm packages, native addons such as better-sqlite3 in particular, run lifecycle scripts during install; `npm install --ignore-scripts` lets you read what was fetched before any of those scripts run.
4. If you enable auth/write features, set a strong SESSION_SECRET and API_KEY and restrict ALLOWED_ORIGINS.
5. Review templates and curation rules to make sure nothing can exfiltrate data.
6. Avoid running this on sensitive hosts until you have audited the dependencies and the source code.
If you can obtain the full repository (package.json plus code) and a list of dependency versions, re-run this evaluation; that would raise confidence.

Review Dimensions

Purpose & Capability
note: The name/description (Twitter + RSS digest) align with the files and endpoints described in SKILL.md (digest endpoints, templates, curation rules). However, SKILL.md does not document how Twitter feeds are ingested (no Twitter API keys, no scraping approach described), which is an unexplained gap for the advertised capability.
Instruction Scope
ok: Runtime instructions are limited to standard Node project steps (npm install, copy .env, npm start) and references to local config/templates and an SQLite DB path. The instructions do not ask the agent to access unrelated system files or credentials beyond the project, but they do require editing .env and config files inside the project.
Install Mechanism
concern: This is an instruction-only skill that tells you to run `npm install`, which fetches packages from the npm registry and runs their lifecycle scripts. The README lists a native addon dependency (better-sqlite3); native addon packages typically download a prebuilt binary during install or fall back to compiling with node-gyp, so code runs at install time either way. Because the skill bundle contains no packaged code and no package.json to inspect, running install pulls unreviewed third-party code and native build steps, a moderate risk.
Credentials
note: The registry lists no required env vars or credentials, while SKILL.md documents optional env vars (GOOGLE_CLIENT_ID/SECRET, SESSION_SECRET, API_KEY) for auth/write features. Those variables are plausible and proportional to the features they unlock. The one minor inconsistency is that the description claims 'zero credentials' while the doc lists several optional secrets; the claim holds for read-only mode and the secrets only matter once auth/write is enabled, which is reasonable but worth noting.
Persistence & Privilege
ok: The skill does not request always:true or system-wide privileges. It runs a local API server and writes a local SQLite DB (`data/digest.db`), which is expected for this app. It does not declare modifications to other skills or global agent settings.