Skill v1.0.0

ClawScan security

vwu.ai gemini Models · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Mar 16, 2026, 4:38 AM
Verdict
suspicious
Confidence
high
Model
gpt-5-mini
Summary
The skill appears to do what it claims (call vwu.ai Gemini models), but its metadata and instructions are internally inconsistent: it requires an API key and common CLI tools that are not declared, and the shipped script prints part of the API key on error — these mismatches warrant caution before installing.
Guidance
This skill legitimately calls vwu.ai and needs your vwu.ai API key, but the package metadata fails to declare that requirement and doesn't list runtime tools the script uses (curl, jq, zsh). Before installing:
1) Confirm you trust vwu.ai and are comfortable sending prompts to that external service;
2) Do not install unless you can supply a dedicated API key (and avoid reusing high-privilege keys);
3) Be aware the included script prints the first 8 characters of your API key in quota error messages (remove or change that behavior if you are concerned about logs leaking key fragments);
4) Ensure curl and jq are available in the runtime environment;
5) Prefer the maintainer update the skill metadata to declare VWU_API_KEY and required binaries and to publish source/homepage for audit.
If you cannot verify the publisher or update metadata, treat this skill with caution.

Review Dimensions

Purpose & Capability
note: The skill's stated purpose (call vwu.ai Gemini models) matches the included script and SKILL.md. However, the registry metadata lists no required environment variables or binaries while the SKILL.md and script clearly require VWU_API_KEY and use CLI tools (curl, jq, zsh). This is an incoherence between claimed requirements and actual needs.
Instruction Scope
note: SKILL.md and vwu-chat.sh keep to the stated purpose: they instruct how to set VWU_API_KEY and call vwu.ai's /v1/chat/completions. The script only sends the provided prompt to VWU_BASE_URL and returns the model response. A minor issue: on quota errors the script echoes the first 8 characters of the API key (partial exposure), and it references VWU_BASE_URL (overridable), which is not declared in metadata.
Install Mechanism
note: There is no install spec (instruction-only), which is low-risk. The package does include a shell script file that will be present when the skill is installed; the script itself uses network I/O. No downloads from arbitrary URLs are present. Still, required runtime binaries (curl, jq, zsh/sh) are not declared by the registry metadata.
Credentials
concern: The skill requires an API key (VWU_API_KEY) to operate, but the registry metadata does not declare this or mark any primary credential. The script also accepts VWU_BASE_URL as an env override. The missing declaration of VWU_API_KEY and of required CLI tools is a proportionality/visibility problem: the agent/user should be explicitly asked for that credential before installing or enabling the skill.
Persistence & Privilege
ok: The skill is not marked always:true and has no special persistence or system-wide config changes. It does perform network calls to vwu.ai when invoked (expected for its purpose). Autonomous invocation is enabled by default (disable-model-invocation: false) but that is the platform default and not itself flagged here.