Back to skill
Skillv1.0.0
ClawScan security
Link · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
SuspiciousMar 8, 2026, 7:09 PM
- Verdict
- suspicious
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- The skill is a high-level protocol manifesto without any concrete implementation or declared resources; that mismatch and the very vague runtime guidance mean it could be misleading or grant broad agent discretion.
- Guidance
- This skill is essentially a conceptual/spec document, not an implementation. Before installing, ask the publisher for concrete details: source repository, executable implementation, API endpoints, and a README describing exact runtime behavior. If you must try it, do so in a restricted environment (no network access or limited egress), disable autonomous invocation or require manual approval, and monitor logs for unexpected network or credential access. Prefer skills that provide verifiable code, a homepage or repo, and explicit required permissions rather than vague manifest text. If you don't trust the unknown owner or need a working protocol implementation, avoid installing.
Review Dimensions
- Purpose & Capability
- noteThe name/description claim a networking/authentication protocol for agent-to-agent connectivity, but the package contains no code, no API endpoints, no binaries, and no environment requirements. A user expecting a working protocol implementation would not get one — this is a conceptual spec only, which is disproportionate to the stated purpose.
- Instruction Scope
- concernSKILL.md is high-level and manifest-like rather than prescriptive. It provides conceptual modules (routing, auth, relay, governance) but no concrete runtime steps or limits; vague instructions can give an autonomous agent broad latitude to attempt discovery, networking, or other actions not explicitly constrained by the skill, which increases operational risk.
- Install Mechanism
- okNo install spec and no code files are present, so nothing will be written to disk or fetched during install. This is the lowest-risk install posture.
- Credentials
- okThe skill requests no environment variables, credentials, or config paths. There is no immediate request for secrets or unrelated credentials.
- Persistence & Privilege
- notealways:false (default) and model invocation is allowed (default). Autonomous invocation is normal, but combined with the skill's vagueness it could let an agent interpret the conceptual spec in ways that attempt network activity — consider restricting autonomy or sandboxing.