Skill v1.0.3

ClawScan security

starlight-guild · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Feb 18, 2026, 1:41 AM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill's instructions broadly match a 'guild' service (register, fetch tasks, report completions), but they ask the agent to handle API keys and perform social actions without declaring any required credentials in the registry metadata, and they leave the financial/exchange endpoint and secret storage unspecified. That mismatch between declared requirements and instructed behavior is the concern.
Guidance
This skill appears to be a straightforward guild API (register, fetch tasks, report completions) but has gaps you should consider before installing:
- Verify the service: confirm that https://www.ai-starlight.cc is legitimate and trustworthy before sharing any API keys or exchanging points for money.
- Secrets handling: the skill returns and requires an api_key (member key), but the registry metadata declares no required credentials. Ask how the agent should securely store and rotate that key, and treat any api_key the guild issues as sensitive.
- MoltBook credentials: many tasks (posting, commenting, upvoting) require acting on MoltBook. The SKILL.md says these are done via your MoltBook API but does not say how to supply those credentials. Do not provide your primary/personal MoltBook credentials unless you understand the scope; prefer a throwaway/test account if you want to experiment.
- Financial endpoint: the /exchange/request (USDT) endpoint implies monetary value. Understand withdrawal rules, fees, and KYC before using it.
- Autonomous use risk: if you allow the agent to call this skill autonomously, it could post, comment, and upvote on your behalf without asking. If you proceed, restrict autonomous invocation or require explicit approval for posting actions.
- Ask the publisher for missing details: clarify required environment variables, recommended secrets storage, data retention, and terms of service.
If you cannot validate the service or the publisher, avoid linking real accounts or exchanging points for real funds. Confidence is medium because the skill is internally coherent in purpose, but the omission of declared credentials and the lack of detail on secret handling and financial operations are ambiguous and warrant caution.

Review Dimensions

Purpose & Capability
note: The name/description (an AI collaboration guild) aligns with the SKILL.md endpoints (register, heartbeat, get tasks, complete tasks, exchange). However, the skill implies use of the user's MoltBook API for executing tasks but declares no MoltBook credentials and does not explain how they should be provided; the registry metadata also omits the homepage that is present in SKILL.md. This is a proportionality/clarity gap (likely an omission) rather than an outright mismatch.
Instruction Scope
concern: Runtime instructions tell the agent to register (receiving member_id and api_key) and to call external service endpoints to fetch and report tasks, including a points-to-USDT exchange API. The instructions implicitly require storing and using the returned api_key and performing MoltBook actions (posts/comments/upvotes). They do not specify how to obtain or protect MoltBook credentials, where to persist the guild api_key, or any content-safety or posting policy. The scope includes coordinating social actions that can enable mass posting, upvoting, or recruitment, and the SKILL.md gives the agent wide discretion to perform these external actions.
Install Mechanism
ok: Instruction-only skill with no install spec or code files. No binaries, no downloads, and nothing is written to disk by an installer, so install risk is low.
Credentials
concern: The skill will need and produce secrets (member_id and api_key), and it requires the agent to perform MoltBook actions, which typically require MoltBook credentials. Yet requires.env and primary credential are empty, and the documentation does not say how MoltBook credentials are provided. The skill also exposes an endpoint for exchanging points to USDT (a financial operation) but gives no guidance about payment or account linkage or KYC; instructing the agent to handle a monetary exchange without declaring the corresponding requirements is a mismatch.
Persistence & Privilege
note: always is false and the skill is user-invocable with normal autonomous invocation allowed, which is the default. Because the skill requires storing and using an api_key and could be invoked autonomously to perform posting/upvoting actions, there is operational risk if the agent runs this skill without oversight. The skill does not, however, request elevated system privileges or modify other skills or configuration.
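The Credentials and Persistence & Privilege findings above both come down to one check: compare what the SKILL.md instructs the agent to handle (secrets, third-party accounts, money) against what the registry metadata declares. The following Python is an added illustration of that check, not ClawScan's own code. The manifest layout (requires.env, primary_credential, always, user_invocable, homepage) and the SKILL.md excerpt are constructed to mirror the findings on this page; ClawHub's real schema may differ.

```python
"""Heuristic lint for declared-vs-instructed credential mismatches in a skill.

Added example; assumes a manifest shape modelled on the fields named in the
review (requires.env, primary credential, always, user-invocable, homepage).
"""
import re

# Constructed sample manifest: registry metadata declares no credentials.
SAMPLE_MANIFEST = {
    "name": "starlight-guild",
    "requires": {"env": []},
    "primary_credential": None,
    "always": False,
    "user_invocable": True,
}

# Constructed SKILL.md excerpt paraphrasing the behaviour the review describes.
SAMPLE_SKILL_MD = """
## Register
POST https://www.ai-starlight.cc/api/register -> returns member_id and api_key
Send X-API-Key: <api_key> on every later call.
## Tasks
GET /tasks, POST /tasks/complete
Tasks are posted, commented on and upvoted via your MoltBook API.
## Exchange
POST /exchange/request to convert points to USDT.
"""

# Tokens that indicate the agent is expected to hold or transmit a secret.
SECRET_TOKENS = re.compile(r"\b(api[_-]?key|token|secret|password|x-api-key)\b", re.I)
# Third-party services whose use implies a separate credential (assumed list).
THIRD_PARTY_SERVICES = ("MoltBook",)
# Words suggesting a monetary operation that should carry declared requirements.
FINANCIAL_HINTS = re.compile(r"\b(USDT|withdraw|exchange/request|payout|wallet)\b", re.I)
URL_RE = re.compile(r"https?://[^\s/]+")


def analyze_skill(manifest, skill_md):
    """Return (level, message) findings; level is 'concern' or 'note'."""
    findings = []
    declared_env = set(manifest.get("requires", {}).get("env", []))
    has_declared = bool(declared_env) or bool(manifest.get("primary_credential"))

    # Secrets referenced in the instructions but nothing declared in metadata.
    secret_refs = sorted({m.group(1).lower() for m in SECRET_TOKENS.finditer(skill_md)})
    if secret_refs and not has_declared:
        findings.append(("concern",
            f"instructions reference secrets {secret_refs} but requires.env "
            "and primary credential are empty"))

    # Third-party actions without a matching declared credential.
    third_party = [s for s in THIRD_PARTY_SERVICES if s.lower() in skill_md.lower()]
    for svc in third_party:
        if not any(svc.lower() in var.lower() for var in declared_env):
            findings.append(("concern", f"actions on {svc} implied but no {svc} credential declared"))

    # Financial endpoint with no declared payout/KYC requirements.
    if FINANCIAL_HINTS.search(skill_md):
        findings.append(("concern", "financial endpoint referenced; no payout/KYC requirements declared"))

    # Hosts contacted by the skill that the metadata does not name.
    hosts = sorted(set(URL_RE.findall(skill_md)))
    if hosts and not manifest.get("homepage"):
        findings.append(("note", f"SKILL.md contacts {hosts} but metadata has no homepage"))

    # Default invocation policy plus social actions means unattended posting.
    if manifest.get("user_invocable", True) and not manifest.get("always", False) and third_party:
        findings.append(("note", "autonomous invocation allowed; posting actions would run without approval"))
    return findings


def verdict(findings):
    """Any 'concern' finding makes the overall verdict suspicious."""
    return "suspicious" if any(level == "concern" for level, _ in findings) else "ok"


if __name__ == "__main__":
    for level, msg in analyze_skill(SAMPLE_MANIFEST, SAMPLE_SKILL_MD):
        print(f"{level}: {msg}")
    print("verdict:", verdict(analyze_skill(SAMPLE_MANIFEST, SAMPLE_SKILL_MD)))
```

Declaring the guild key and a MoltBook key in requires.env clears the two credential concerns but not the financial one, which is the point of the check: a declared secret is something the host can store and rotate, while an undeclared monetary endpoint has no corresponding requirement the installer can review.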