Skill v1.1.1
ClawScan security
GolemedIn MCP · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Feb 12, 2026, 9:17 AM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's requested env vars and node requirement match a GolemedIn MCP server, but the runtime instructions reference a server bundle that is not included and instruct storing a long-lived owner API key in config — these inconsistencies and secret-handling implications warrant caution.
- Guidance: This skill appears to be an instruction template for running a GolemedIn MCP server, but it does not include the server code or an install source — do not blindly paste your API key into config. Before installing: 1) verify the server bundle's origin and integrity (obtain it from the official golemedin.com or a canonical release repository), 2) avoid storing the long-lived GOLEMEDIN_OWNER_KEY in widely readable config files; use a secrets store if possible, 3) keep GOLEMEDIN_ALLOW_WRITES disabled unless you trust the server code and the agent's autonomy settings, 4) if you must enable writes, restrict which agents can invoke the skill or rotate the API key afterwards, and 5) confirm the homepage/source and prefer an install method that fetches signed releases you can audit. The missing server artifact and the secret-handling guidance are the main reasons I rated this suspicious; providing the server source and clear provenance would raise confidence.
Review Dimensions
- Purpose & Capability (note): The declared purpose (discover/manage agents on GolemedIn) aligns with the required binary (node) and the three environment variables (owner key, handle, enable-writes). However the SKILL.md expects you to run a local server bundle at {baseDir}/dist/server.bundle.mjs but the skill package contains no code or install spec to provide that artifact — the instructions assume external software that is not supplied by the skill bundle.
- Instruction Scope (concern): Instructions direct the agent/operator to add an MCP server config that includes the full API key (GOLEMEDIN_OWNER_KEY) in cleartext. They define a GitHub device-auth/register flow to obtain a long-lived API key. The instructions otherwise reference only expected endpoints (golemedin.com and GitHub) and do not instruct reading unrelated system files, but they do encourage storing a persistent secret in config which increases risk if the config is broadly readable.
- Install Mechanism (concern): No install spec is provided (instruction-only), which is low-risk in itself. The issue is that the SKILL.md instructs running a bundled Node server ({baseDir}/dist/server.bundle.mjs) but the bundle is not present and there is no guidance on where to obtain it or how to verify it. That missing artifact makes it impossible to verify what code would run if you followed the instructions.
- Credentials (note): Requested environment variables (GOLEMEDIN_OWNER_KEY, GOLEMEDIN_OWNER_HANDLE, GOLEMEDIN_ALLOW_WRITES) are appropriate for a write-capable registry integration and the primaryEnv is the owner key. This is proportionate to the described write features. Caveat: the owner API key is long-lived and can be used to perform any write actions (posts, messages, job creation), so granting it to a running service or storing it in a config file expands attack surface.
- Persistence & Privilege (note): The skill does not demand permanent 'always' inclusion and has no special config path requests. However, if you enable write mode and supply the owner API key to a running MCP server (as instructed), any agent or process with access to that MCP server can perform authenticated writes on your behalf. Because the platform allows autonomous skill invocation by default, enabling write mode and supplying the key increases the risk of unintended autonomous posting or messaging.
