Skill v1.0.0

ClawScan security

vwu.ai Sora Models · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Mar 16, 2026, 5:40 AM
Verdict
suspicious
Confidence
high
Model
gpt-5-mini
Summary
The skill largely does what it says (wraps vwu.ai's chat API), but the bundle and metadata omit required environment variables and binaries, and the runtime script exposes part of the API key and uses an undocumented base URL — these inconsistencies merit caution.
Guidance
This skill appears to be a simple wrapper for vwu.ai's chat API, but there are several mismatches and small risks you should consider before installing:
- The package metadata says no env vars are required, but the script demands VWU_API_KEY and also uses VWU_BASE_URL (undocumented). Ask the publisher to declare required environment variables and explain VWU_BASE_URL usage.
- The script requires curl, jq, and a zsh-compatible shell but doesn't declare those binaries. Ensure your runtime has these binaries and review the script before running.
- On quota errors the script prints the first 8 characters of your API key to the console. If you run this in shared logs or CI, that may leak part of your key; ask the maintainer to remove or further mask this.
- Because VWU_BASE_URL can be overridden via environment, verify you only run this in environments where that variable is trusted; otherwise your key could be directed to an attacker-controlled endpoint.
- The source and homepage are unknown; if you plan to use it regularly, obtain a trustworthy upstream/source, or reimplement a vetted client that documents required env vars and avoids logging key fragments.
If you accept these caveats and verify the script yourself, the skill is usable; otherwise treat it cautiously or request fixes from the publisher.

Review Dimensions

Purpose & Capability
concern
The skill's stated purpose (call vwu.ai sora-2 via an OpenAI-compatible API) matches the included script. However the registry metadata declared no required environment variables or binaries while the SKILL.md and vwu-chat.sh clearly require VWU_API_KEY (and rely on curl, jq, and zsh). The metadata omission is an incoherence: a caller or platform expecting no credentials or binaries may not surface required inputs or preconditions.
Instruction Scope
concern
SKILL.md instructs setting VWU_API_KEY and calling the provided script; that stays within the stated purpose. However the script accesses an additional environment variable VWU_BASE_URL (defaulting to https://vwu.ai) which is not documented in SKILL.md, and the script prints a masked form of the API key (first 8 chars) to the console on quota errors; this can leak part of the key into logs/terminals. The script otherwise only sends model and prompt to the configured base URL.
Install Mechanism
ok
There is no install spec (instruction-only plus a helper script). This is lower risk because nothing is downloaded or executed automatically beyond the included script. Note: the script assumes presence of curl, jq, and a zsh-compatible shell; those binaries are not declared in the metadata.
Credentials
concern
The runtime requires an API key (VWU_API_KEY) but the skill metadata lists no required env vars or primary credential. The script also uses VWU_BASE_URL (undocumented) which could be set to a non-official host to redirect the key. The script exposes the first 8 characters of VWU_API_KEY in error output, which risks partial credential leakage to logs or shared consoles. These are disproportionate transparency/metadata issues that reduce trust.
Persistence & Privilege
ok
No elevated persistence requested: always:false, no system config modifications, and the skill does not modify other skills or request permanent platform presence. Autonomous invocation is allowed (platform default) but not combined with other alarming privileges.