Skill v1.2.0
ClawScan security
claw-pet · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Mar 11, 2026, 4:12 PM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's code and runtime instructions match its stated purpose (calling a remote catch API), but the registry metadata does not declare the environment variables the runtime requires (CATCH_API_URL and API_KEY). That inconsistency is something you should understand before installing.
- Guidance: This skill appears to implement exactly what it says (calling a user-provided catch API), but the registry metadata fails to list the required environment variables. Before installing: (1) confirm that CATCH_API_URL points to a backend you control or trust; (2) supply API_KEY through an environment variable rather than committing it to _meta.json; (3) limit the API_KEY's scope and permissions, and be prepared to rotate it if it is exposed; (4) review the included scripts yourself (they are short and readable) and test against a non-production backend first; and (5) be aware that the agent may call your backend whenever the skill is invoked, so decide whether you want autonomous calls enabled in your agent settings.
Review Dimensions
- Purpose & Capability (note): The name and description (a remote 'catch' action) align with the script and SKILL.md: the skill makes a POST to a configured backend and parses pet/item/empty/error responses. However, the registry metadata lists no required env vars or primary credential, while the runtime requires CATCH_API_URL and API_KEY. That metadata omission is inconsistent.
- Instruction Scope (ok): SKILL.md and the script narrowly instruct the agent to load config from the environment or _meta.json, POST {'action':'catch'}, parse the JSON response, and format the result. The instructions do not request unrelated files or system credentials, and do not contact any external endpoint other than the configured CATCH_API_URL.
- Install Mechanism (ok): No install spec; instruction-only, with a small included Python script. Nothing is downloaded or installed automatically, so installation risk is low.
- Credentials (concern): The skill legitimately needs two configuration values (CATCH_API_URL and API_KEY) to operate, which is proportionate to its purpose. The concern is that the registry metadata does not declare these required env vars or a primary credential, creating a mismatch that could confuse users and lead to misconfiguration or accidentally checked-in secrets. The script also reads a local _meta.json (packaged with the skill) as a fallback, which could cause developers to commit secrets by accident if they place them there.
- Persistence & Privilege (ok): always:false, and no unusual persistence or cross-skill configuration changes. The skill can be invoked autonomously by the agent (platform default), which increases the blast radius if a malicious backend were configured, but that is normal behavior and not by itself a red flag here.
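The guidance above and the Credentials finding both come down to the same two controls: never read the secret from the packaged _meta.json, and check the backend URL before the agent calls it. The following is an added example written for this review, not the claw-pet skill's own script. It shows a config loader that accepts CATCH_API_URL from the environment or _meta.json but accepts API_KEY only from the environment, rejects non-https URLs and hosts outside an allowlist, and parses the pet/item/empty/error responses defensively. The response field names ("type", "pet", "item", "message"), the Bearer header, and the host "catch.example.internal" are assumptions; the real API may differ.

```python
"""Safer config loading and response parsing for a catch-style skill.

Added example for this review; not the claw-pet skill's own code.
Assumptions: the backend answers with a JSON object carrying a "type"
field (pet/item/empty/error) plus "pet", "item" or "message"; the key is
sent as a Bearer token; the trusted host below is a placeholder.
"""
import json
from dataclasses import dataclass
from typing import Any, Dict, Mapping, Optional, Tuple
from urllib.parse import urlparse


class ConfigError(ValueError):
    """Raised when the configuration is missing, leaked, or untrusted."""


@dataclass(frozen=True)
class CatchConfig:
    api_url: str
    api_key: str


# Backends you actually control or trust (assumed placeholder name).
TRUSTED_HOSTS = frozenset({"catch.example.internal"})


def load_config(env: Mapping[str, str],
                meta: Optional[Mapping[str, Any]] = None) -> CatchConfig:
    """Build the config from env, using _meta.json only for the URL.

    API_KEY is never read from _meta.json: that file ships inside the
    skill package, so a key placed there ends up committed.
    """
    if meta and "API_KEY" in meta:
        raise ConfigError("API_KEY found in _meta.json; move it to the environment")

    api_url = env.get("CATCH_API_URL") or (meta or {}).get("CATCH_API_URL")
    api_key = env.get("API_KEY")
    if not api_url:
        raise ConfigError("CATCH_API_URL is not set")
    if not api_key:
        raise ConfigError("API_KEY is not set in the environment")

    parsed = urlparse(api_url)
    if parsed.scheme != "https":
        raise ConfigError("CATCH_API_URL must use https")
    if parsed.hostname not in TRUSTED_HOSTS:
        raise ConfigError(f"CATCH_API_URL host {parsed.hostname!r} is not trusted")
    return CatchConfig(api_url=api_url, api_key=api_key)


def config_problem(env: Mapping[str, str],
                   meta: Optional[Mapping[str, Any]] = None) -> Optional[str]:
    """Return why the config is rejected, or None when it is acceptable."""
    try:
        load_config(env, meta)
    except ConfigError as exc:
        return str(exc)
    return None


def build_request(cfg: CatchConfig) -> Tuple[Dict[str, str], bytes]:
    """Headers and body for the POST; the key travels in a header, not the URL."""
    headers = {
        "Authorization": f"Bearer {cfg.api_key}",  # header scheme is an assumption
        "Content-Type": "application/json",
    }
    body = json.dumps({"action": "catch"}).encode()
    return headers, body


def _clean(value: Any, max_len: int) -> str:
    """Coerce to str, drop control characters, cap the length, so a hostile
    backend cannot push multi-line or oversized text into the agent's output."""
    text = "" if value is None else str(value)
    text = "".join(ch for ch in text if ch.isprintable())
    return text[:max_len]


def parse_catch_response(raw: bytes, max_len: int = 64) -> str:
    """Turn the backend's JSON into a short one-line result for the agent."""
    try:
        data = json.loads(raw)
    except ValueError:
        return "error: backend returned non-JSON"
    if not isinstance(data, dict):
        return "error: unexpected response shape"

    kind = data.get("type")
    if kind == "pet":
        return f"caught a pet: {_clean(data.get('pet'), max_len)}"
    if kind == "item":
        return f"found an item: {_clean(data.get('item'), max_len)}"
    if kind == "empty":
        return "nothing this time"
    if kind == "error":
        return f"error: {_clean(data.get('message'), max_len)}"
    return f"error: unknown response type {_clean(kind, max_len)}"


if __name__ == "__main__":
    # Constructed sample: key in env, URL from _meta.json, no network call.
    cfg = load_config({"API_KEY": "redacted"},
                      {"CATCH_API_URL": "https://catch.example.internal/api"})
    print(build_request(cfg)[1])
    print(parse_catch_response(b'{"type": "pet", "pet": "Fluffy"}'))
```

Note that a leaked key in _meta.json is treated as a hard failure rather than a warning: a loader that silently prefers the environment would still leave the committed key in the repository.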
