Back to skill
Skillv1.0.0
ClawScan security
vwu.ai TTS Models · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
SuspiciousMar 16, 2026, 5:40 AM
- Verdict
- suspicious
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- The skill mostly does what it says (calls vwu.ai chat endpoint with a user API key), but there are several inconsistencies and minor risks (missing declared env var in registry, undocumented configurable endpoint, reliance on curl/jq, and partial API-key leaking on error) that you should understand before installing.
- Guidance
- Before installing: (1) confirm the registry metadata is corrected to list VWU_API_KEY as a required credential. (2) Ensure curl and jq are available on the agent runtime or adjust the script; SKILL.md should mention these prerequisites. (3) Be cautious about VWU_BASE_URL — it can redirect requests to any host if you or an attacker sets that env var; don't set it unless you trust the host. (4) Note the script prints the first 8 characters of your API key on quota errors — consider rotating keys if you expose logs to others. (5) The SKILL.md usage example and the script's argument parsing differ; test locally first. If any item is unclear, ask the publisher to clarify or provide a corrected SKILL.md and registry metadata before use.
Review Dimensions
- Purpose & Capability
- noteSkill name/description (vwu.ai TTS models) align with the code and SKILL.md: the script calls vwu.ai chat completions for the two listed models. However, the registry metadata claims no required env vars or primary credential while the SKILL.md and the included script clearly require VWU_API_KEY — this mismatch is inconsistent and should be corrected.
- Instruction Scope
- concernSKILL.md instructs setting VWU_API_KEY and calling a CLI, which matches the script, but it omits mention of VWU_BASE_URL (the script allows overriding the endpoint). The script also assumes curl and jq are available (SKILL.md/registry do not declare binaries). The script prints a masked but partially-identifying prefix of the API key on quota errors, which is a small leakage. The SKILL.md example uses a --model flag but the script expects positional args, a usability/instruction mismatch.
- Install Mechanism
- okNo install spec (instruction-only with a small shell script). That is low risk because nothing is automatically downloaded or installed by the skill bundle itself.
- Credentials
- concernOnly VWU_API_KEY is needed for operation, which is proportionate — but the registry metadata does not declare this required credential. Also the script exposes the first 8 characters of the key on certain errors and accepts VWU_BASE_URL (undocumented) which could be pointed at a non-official endpoint if an environment variable is set.
- Persistence & Privilege
- okThe skill does not request permanent presence (always:false) and does not modify other skills or system-wide settings.