Skill v0.1.0
ClawScan security
Raindrop CLI · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Feb 11, 2026, 10:58 PM
- Verdict: suspicious
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's description and runtime instructions expect a RAINDROP_TOKEN and a provided `raindrop` CLI, but the skill bundle declares no required env vars or install files and contains no code — these inconsistencies are concerning.
- Guidance: This skill's docs expect a RAINDROP_TOKEN and a `raindrop` CLI, but the package contains no code or declared env requirements. Before installing or enabling it: (1) ask the publisher for the missing script or a clear install source (GitHub release or package) and for the RAINDROP_TOKEN to be declared in metadata; (2) avoid storing tokens in shared config unless you trust all skills that read that path; (3) prefer a skill that either includes its installer or documents a trustworthy acquisition URL and explicitly lists RAINDROP_TOKEN as a required credential. If you can't verify those, don't enable the skill with your Raindrop token — the agent might try to run or fetch an undeclared binary or mis-handle your credential.
Review Dimensions
- Purpose & Capability (concern): The SKILL.md says this skill provides a `scripts/raindrop` CLI and requires a personal RAINDROP_TOKEN; however, the published bundle contains no code, no scripts, and the registry metadata lists no required environment variables. Either the skill expects an existing external binary (not declared) or the package is incomplete — this does not align cleanly with the claimed purpose.
- Instruction Scope (concern): Instructions instruct the user to set RAINDROP_TOKEN (recommended in ~/.config/openclaw/gateway.env) and show CLI usage. They do not instruct the agent to read other unrelated files, but recommending a shared gateway.env path is notable because that path may hold other credentials; the instructions do not explain how the `raindrop` CLI is obtained or executed.
- Install Mechanism (note): There is no install spec (instruction-only), which is low risk in itself. However, the SKILL.md claiming to 'provide scripts/raindrop' while no code or install instructions exist is an inconsistency: the agent may attempt to run a non-existent CLI or try to fetch/install it at runtime without guidance.
- Credentials (concern): The runtime docs require RAINDROP_TOKEN, but the skill metadata declares no required env vars and no primary credential. That mismatch is suspicious — a Raindrop integration legitimately needs a token, and it should be declared explicitly so users know what will be accessed.
- Persistence & Privilege (ok): The skill is not always-enabled and allows normal autonomous invocation. It does not request elevated persistence or modify other skills' configs according to the provided manifest.
