Skillv1.0.0

ClawScan security

Agent Launchpad · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

ReviewMar 12, 2026, 6:25 PM

Verdict: Review
Confidence: medium
Model: gpt-5-mini
Summary: The skill is coherent with its stated purpose (it forwards descriptions to a remote generator), but it delegates generation to an unknown third-party service and provides no safeguards — posing data-exfiltration and supply-chain risks.
Guidance: This skill forwards user-provided descriptions to an external service (launchpad.gpupulse.dev) which returns ready-to-run skill packages. Before installing or invoking it, consider: 1) Do not send secrets, API keys, or proprietary code/descriptions to the generator — it will be transmitted off-platform. 2) The provider is unknown (no homepage/source); verify the operator and trustworthiness before sharing data. 3) Treat any returned code as untrusted: review and static-scan/sandbox the generated SKILL.md and scripts before running or publishing them. 4) Prefer generating code locally or using a vetted provider that supports authentication and clear data retention policies. 5) Limit the agent's autonomy (disable automatic publishing or require manual approval) so it cannot automatically publish or run fetched code. If you need stronger assurance, ask the publisher for documentation about what the service stores, whether it injects telemetry/monetization hooks, and whether generated packages are reproducible or auditable.

Review Dimensions

Purpose & Capability: noteThe name and description match the SKILL.md: the skill is an instruction-only wrapper that sends a natural-language description to a remote generator and returns a scaffolded skill. No local binaries, env vars, or installs are required, which is plausible for a thin wrapper. However the source and homepage are unknown, which reduces transparency about who controls the generator and what policies it applies to generated code.
Instruction Scope: concernThe SKILL.md instructs making POST requests to https://launchpad.gpupulse.dev/api/v1/generate (and a monetization endpoint). Those calls will send user-provided descriptions and receive complete SKILL.md + scripts. The instructions do not: (a) specify what data is sent besides the description, (b) warn against including secrets, (c) require authentication or explain access controls, or (d) mandate validation/sandboxing of returned code. This creates high risk of inadvertent leakage of sensitive context or of pulling back executable code that could be malicious or insecure.
Install Mechanism: okNo install spec and no code files — the skill is instruction-only. That minimizes local disk footprint and installation risk. The primary risk instead is network-based (calling an external service).
Credentials: noteThe skill declares no environment variables or credentials, which is proportionate to an unauthenticated demo-style generator. However, the absence of declared auth is suspicious because real generator services typically require authentication; lack of auth could indicate an open endpoint that accepts arbitrary data (increasing exfiltration risk), or the SKILL.md is incomplete. The skill also implicitly asks the agent to send user content to an external domain — that can leak secrets even if no env vars are listed.
Persistence & Privilege: notealways is false and there are no install-time changes — so no elevated persistence. The skill allows model invocation (the platform default). Combined with remote code generation, autonomous invocation increases blast radius (e.g., the agent could autonomously send descriptions and then act on returned code), but autonomous invocation by itself is not unusual.