Skill v1.0.0
ClawScan security
Greenhouse · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Mar 4, 2026, 8:53 AM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill largely matches its stated purpose (Greenhouse Harvest API access) but includes a few implementation oddities (reading a workspace .env file not declared in SKILL.md, and a minor suspicious coding artifact) that warrant review before installation.
- Guidance: This skill appears to be a functional CLI for the Greenhouse Harvest API and legitimately needs only your GREENHOUSE_API_KEY. Two things to review before installing: (1) the included script will try to read a .env file from the WORKSPACE path or ~/.openclaw/workspace/.env if GREENHOUSE_API_KEY isn't in the process environment; that behavior is not documented in SKILL.md and could reveal other variables stored there, so ensure that file doesn't contain unrelated secrets, or set GREENHOUSE_API_KEY explicitly in the agent environment instead. (2) There is a small coding oddity (an empty get_env call path that was written but not used) which looks like a harmless bug, but you may want to inspect the full script yourself. If you proceed, prefer creating a dedicated Harvest API key with limited scope and run the skill in a sandbox or non-production account until you are comfortable.
Review Dimensions
- Purpose & Capability (ok): Name, description, and requested credential (GREENHOUSE_API_KEY) match: the tool is a CLI for the Greenhouse Harvest API and requires the Harvest API key (primaryEnv = GREENHOUSE_API_KEY), which is proportionate to the stated purpose.
- Instruction Scope (concern): SKILL.md instructs the agent to run the included CLI script and lists only GREENHOUSE_API_KEY. The script additionally reads an optional .env file from WORKSPACE or ~/.openclaw/workspace/.env to source environment variables. That filesystem access and implicit config-file lookup is not documented in SKILL.md and expands the agent's scope for reading user files beyond what the README declares.
- Install Mechanism (ok): No install spec (instruction-only with an included script). Nothing is downloaded or written by an installer; risk from the install mechanism is low.
- Credentials (note): Only GREENHOUSE_API_KEY is declared and used as the credential. The script also respects a WORKSPACE env var to find a .env file, but it does not request or require additional secret env vars. This is mostly proportional, but reading the .env file can expose unrelated secrets if present.
- Persistence & Privilege (ok): The skill is not always-enabled and does not request persistent agent privileges. It does not modify other skills or agent configuration per the provided files.
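The Guidance, Instruction Scope and Credentials items above all turn on the same behavior: when GREENHOUSE_API_KEY is missing from the process environment, the script falls back to a .env file under $WORKSPACE or ~/.openclaw/workspace, and sourcing that whole file pulls in every variable stored there. The following is an added example, not the skill's own script, showing how a reviewer can reproduce that lookup order while loading only the one declared key and reporting which other variables the file would have exposed. The .env file, the workspace path and the variable names in it are constructed for the demonstration; the scanner's report does not name the actual parser the skill uses.

```python
"""Added example (not the skill's code): resolve GREENHOUSE_API_KEY in the
order the review describes (process env, then $WORKSPACE/.env, then
~/.openclaw/workspace/.env), but extract only that key instead of sourcing
the whole file, and report what else the file contains.
File contents, paths and variable names below are constructed samples."""
import re
import tempfile
from pathlib import Path

KEY = "GREENHOUSE_API_KEY"
# KEY=value or "export KEY=value"; quotes optional; comments and blanks ignored
_LINE = re.compile(r'^\s*(?:export\s+)?([A-Za-z_][A-Za-z0-9_]*)\s*=\s*(.*?)\s*$')


def parse_dotenv(text):
    """Minimal .env parser: returns {name: value}, stripping matching quotes."""
    env = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = _LINE.match(line)
        if not m:
            continue
        name, value = m.group(1), m.group(2)
        if len(value) >= 2 and value[0] == value[-1] and value[0] in "\"'":
            value = value[1:-1]
        env[name] = value
    return env


def candidate_files(environ, home):
    """Lookup order from the review: $WORKSPACE/.env, then ~/.openclaw/workspace/.env."""
    paths = []
    if environ.get("WORKSPACE"):
        paths.append(Path(environ["WORKSPACE"]) / ".env")
    paths.append(Path(home) / ".openclaw" / "workspace" / ".env")
    return paths


def resolve_key(environ, home):
    """Return (value, source, other_names).

    other_names lists every variable in the .env file *except* the one we
    wanted: that is exactly what a load-everything fallback would have
    exposed to the skill's process."""
    if environ.get(KEY):
        return environ[KEY], "process environment", []
    for path in candidate_files(environ, home):
        if not path.is_file():
            continue
        env = parse_dotenv(path.read_text())
        if KEY in env:
            return env[KEY], str(path), sorted(n for n in env if n != KEY)
    return None, None, []


def demo():
    """Constructed workspace whose .env holds unrelated secrets beside the key."""
    root = Path(tempfile.mkdtemp())
    ws = root / "ws"
    ws.mkdir()
    (ws / ".env").write_text(
        "# constructed sample file\n"
        "export GREENHOUSE_API_KEY='gh-example-key'\n"
        "AWS_SECRET_ACCESS_KEY=\"not-for-this-skill\"\n"
        "OPENAI_API_KEY=also-unrelated\n"
    )
    # key absent from the process env and WORKSPACE set -> read $WORKSPACE/.env
    return resolve_key({"WORKSPACE": str(ws)}, root)


if __name__ == "__main__":
    value, source, others = demo()
    print(f"{KEY} came from {source}: {value!r}")
    if others:
        print("unrelated variables in that file (NOT loaded):", ", ".join(others))
```

Run against a real workspace by calling resolve_key(os.environ, Path.home()); a non-empty other_names list is the concrete thing to clean up, or the reason to set GREENHOUSE_API_KEY directly in the agent environment so the fallback never fires.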
