Skillv1.0.1

ClawScan security

tc-protohub · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousMar 9, 2026, 11:34 AM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary: The skill's code and instructions match the stated ProtoHub upload/update purpose, but the package metadata omits the mandatory PROTOHUB_API_KEY/PROTOHUB_URL requirement and there is a modest risk that arbitrary files could be uploaded to a remote URL if misconfigured—this inconsistency warrants caution.
Guidance: This skill appears to do what it claims (package/validate and upload prototypes), but the registry metadata omits required environment variables that the SKILL.md insists are mandatory — that mismatch is a red flag about packaging quality or tampering. Before installing or running it: 1) confirm the PROTOHUB_API_KEY and PROTOHUB_URL values and ensure the API key has limited scope (only prototype uploads) and can be revoked; 2) verify the owner/source (no homepage provided) or inspect the publish.py contents yourself (it’s included) to ensure there are no hidden endpoints; 3) only point PROTOHUB_URL at a trusted server — if you set it to a remote host, the script will upload the zipped files you give it to that server; and 4) ask the publisher/registry to update the metadata to declare the required env vars to remove the inconsistency. If you want higher assurance, run the script in an isolated environment and review network traffic to confirm uploads go where you expect.

Review Dimensions

Purpose & Capability: noteThe skill name, SKILL.md, and scripts/publish.py are coherent: the script packages directories/ZIPs, validates index.html, lists prototypes, and uploads to ProtoHub endpoints. However, the registry metadata declares no required environment variables while SKILL.md explicitly mandates PROTOHUB_API_KEY and PROTOHUB_URL — this mismatch is unexpected and reduces trust in the package metadata.
Instruction Scope: okSKILL.md instructions are narrowly scoped to packaging, validating, listing, and uploading prototypes. The instructions do not ask the agent to read unrelated system files or secrets. They do require executing the included publish.py script against user-specified paths, which will read files to create a ZIP and POST them to the configured PROTOHUB_URL (expected behavior for an upload tool).
Install Mechanism: okThere is no install spec (instruction-only with one helper script), so nothing arbitrary is downloaded or installed at runtime. The included Python script uses standard libraries plus requests; no external install URLs or archive extraction are present.
Credentials: concernThe SKILL.md requires PROTOHUB_API_KEY and PROTOHUB_URL for operation — reasonable and proportionate for an upload client — but the package/registry metadata does not declare these required env vars. That discrepancy is a packaging/information integrity concern. Also note: the API key grants the ability to upload content to the configured ProtoHub server, so its scope and the trustworthiness of PROTOHUB_URL matter.
Persistence & Privilege: okThe skill does not request always:true and does not modify other skills or system settings. It runs as an invoked helper script and does not request persistent elevated privileges.