Back to skill
Skillv1.0.0
ClawScan security
Indigo Governance · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
SuspiciousMar 10, 2026, 10:26 PM
- Verdict
- suspicious
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- The skill's stated purpose (query governance parameters and polls) matches its instructions, but it omits how on-chain data is retrieved and grants file-read tools — both are gaps that deserve caution before installing.
- Guidance
- Before installing: 1) Ask where the get_protocol_params / get_temperature_checks / get_polls tools obtain their data — do they use a platform indexer, a public subgraph, or require an RPC endpoint/API key? If the latter, confirm what environment variables you must supply and whether those secrets will be used only for this skill. 2) Confirm the platform's implementation of the MCP tools (they may carry network access and credentials) — request documentation or source. 3) Consider removing or restricting the allowed-tools (Read/Glob/Grep) if your environment disallows skill file reads; these tools permit file access beyond the skill's stated needs. 4) Note provenance gaps: source and homepage are missing and manifest version differs from SKILL.md metadata — prefer skills with a public repository or clear maintainer info. If you cannot verify how on-chain data is accessed, treat the skill as untrusted and avoid exposing private RPC keys or system files to it.
Review Dimensions
- Purpose & Capability
- noteThe name/description and the SKILL.md workflows align: the skill only describes calling get_protocol_params, get_temperature_checks, and get_polls to present governance data. However, the skill declares no environment variables or endpoints for accessing on-chain data (RPC node, indexer, subgraph, or API key). Querying chain state typically requires an RPC or indexer access; the absence of declared credentials/endpoints is a potential inconsistency unless these MCP tools are provided by the platform with built-in access.
- Instruction Scope
- noteThe runtime instructions are narrowly scoped: call the listed MCP tools and format results. They do not instruct reading user files or environment variables. However, SKILL.md lists allowed-tools: Read, Glob, Grep — which allow file reads on the host. That capability is not needed for the described workflows beyond reading the included reference files, so it expands the skill's ability unnecessarily and should be reviewed/limited.
- Install Mechanism
- okThis is instruction-only with no install spec and no code files to execute. That minimizes disk persistence and supply-chain risk.
- Credentials
- noteThe skill requires no environment variables or credentials. That could be fine if the platform supplies the MCP tools with necessary node/indexer access, but it is unusual for a governance-querying capability to require no data-source configuration. Verify whether the get_* MCP tools rely on platform-level RPC keys or expect the agent to have access to credentials (which are not declared here).
- Persistence & Privilege
- okalways is false and there is no install step that writes or modifies persistent agent/system configs. The skill does not request elevated or persistent privileges.