Skill v1.0.0

ClawScan security

Buffer Social Media · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Mar 3, 2026, 10:01 PM
Verdict
suspicious
Confidence
high
Model
gpt-5-mini
Summary
The skill's code and runtime instructions expect a Buffer API key and an npm install, but the registry metadata omits required environment variables and an install step — this mismatch is concerning and should be resolved before trusting the skill.
Guidance
This skill appears to be a legitimate Buffer CLI implementation, but there are important inconsistencies to address before installing:
1) Metadata vs reality: the registry metadata does NOT declare the BUFFER_API_KEY env var or an install step, yet SKILL.md and the code require you to run 'npm install' and set BUFFER_API_KEY in .env. Treat that as a red flag and confirm the skill's source and intent with the publisher before running it.
2) Verify origin: the skill lists no homepage and the registry owner ID is unfamiliar. Prefer skills with a public repository or homepage you can review. If you still want to use it, inspect the package contents (package.json, package-lock.json) locally before running npm install.
3) Run safely: if you must try it, do so in a restricted environment (ephemeral VM or container) and do not use high-privilege or broadly scoped secrets. Create a Buffer API key with the least privilege possible (or use a throwaway account) and keep it separate from other production keys.
4) Audit dependencies and network: run 'npm audit', check package.json for preinstall/postinstall scripts (npm runs these automatically during 'npm install'), and review the integrity and resolved fields in package-lock.json. Review buffer-api.js to confirm all outgoing requests go to Buffer domains and that no other unexpected endpoints exist.
5) Rotate keys if needed: if you exposed an API key while testing with an unknown skill, rotate or revoke it immediately.
If the publisher updates the registry metadata to declare BUFFER_API_KEY and the required npm install step (or provides a trusted homepage/repo), that would significantly reduce the concern.

Review Dimensions

Purpose & Capability
note
Name, description, SKILL.md and source files consistently implement a Buffer CLI that talks to Buffer's GraphQL API. However, the registry metadata claims 'Required env vars: none' and 'No install spec — instruction-only' while the SKILL.md and code clearly require BUFFER_API_KEY/.env and expect 'npm install'. That metadata omission is inconsistent with the actual capability.
Instruction Scope
ok
SKILL.md and the code instruct the agent to read a local .env, validate BUFFER_API_KEY, call Buffer's API, and optionally read local image files (validated via existsSync). The instructions do not request unrelated files, other credentials, or external endpoints beyond Buffer and the referenced developer docs.
Install Mechanism
note
There is no registry install spec, but the package includes full Node.js source, package.json, and package-lock.json, and SKILL.md tells users to run npm install. This is not inherently malicious, but the mismatch (no declared install step, yet code present) is a sign to verify origin before running npm install from an untrusted skill.
Credentials
concern
The runtime requires BUFFER_API_KEY (and optionally BUFFER_API_URL) per SKILL.md and lib/config.js, but the registry metadata lists no required env vars or primary credential. Requesting a single Buffer API key is proportionate for a Buffer integration, but the metadata omission increases risk (users might not realize a secret will be used).
Persistence & Privilege
ok
Skill is not always-enabled and does not request persistent system-wide privileges. It does not modify other skills or system configs; autonomy is allowed by default but does not combine with other privilege red flags here.