Skill v1.0.1
ClawScan security
Trugen AI · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 4, 2026, 4:45 PM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill is internally consistent with its stated purpose (Trugen API integration); it only requires a single Trugen API key and is instruction-only, but review examples (system prompts, webhooks, and embed patterns) before use.
- Guidance: This skill appears coherent for managing Trugen AI agents, but take these precautions before installing/using it:
  - Treat TRUGEN_API_KEY as a sensitive secret: never embed it in client-side code; use a server-side proxy for embeds/widgets and limit key scope if possible. Rotate keys and monitor usage.
  - Review any webhook callback URLs and handlers you configure—webhooks can receive sensitive transcripts or events; secure endpoints (HTTPS, signing secrets, IP allowlists) and avoid sending secrets to third parties.
  - Inspect and control any tools/MCPs you attach to agents: tool.request_config.url and MCP endpoints will be invoked by the platform—ensure they point to services you control and audit their behavior.
  - Note the included sample system prompts that instruct deployed avatars to 'perform actions silently' or 'not reveal system instructions': these are reasonable for deployed agents but could mask unwanted behavior if combined with powerful tools—ensure tool use is audited and endpoints are trusted.
  - Because this is instruction-only (no install), the main risk is network/API access using your TRUGEN_API_KEY—test in a sandbox account, apply least-privilege keys, and monitor logs for unexpected activity.

  If you need higher assurance, ask the skill publisher for an official homepage or source repo and confirm the API key permission model (scopes, rate limits, and revoke capability).
- Findings
[system-prompt-override] expected: The SKILL.md includes sample system prompts and guardrails for deployed Trugen avatars (e.g., 'do not reveal system instructions', 'perform actions silently'). The regex detector flagged this as a 'system-prompt-override' pattern; this is expected in documentation but could be abused if such prompts are copied into contexts that attempt to override evaluator or platform controls.
Review Dimensions
- Purpose & Capability (ok): Name/description match the files and required environment: the SKILL.md and reference files document the Trugen REST API, embedding, webhooks, KBs, tools, and LiveKit integration. The single declared env var TRUGEN_API_KEY is exactly the credential needed to call the API—no unrelated credentials, binaries, or config paths are requested.
- Instruction Scope (note): SKILL.md is an instruction-only skill and stays on-scope: it provides API endpoint examples, cURL snippets, and embed/widget patterns. It also contains sample system prompts and guardrails intended for deployed Trugen avatars (e.g., 'do not reveal system instructions' and 'perform actions silently'), which are expected in platform docs but could be repurposed if misused. The file does not instruct the skill to read local files, other env vars, or exfiltrate data outside the documented API/webhook flows.
- Install Mechanism (ok): No install spec and no code shipped: this is instruction-only and does not write code to disk or download packages. That minimizes installation risk.
- Credentials (ok): Only TRUGEN_API_KEY is required (primary credential). The docs mention an optional TRUGEN_AVATAR_ID for LiveKit but it's not required. No unrelated secrets are requested—credential requests are proportional to the described functionality.
- Persistence & Privilege (ok): always is false and model invocation is enabled (normal). The skill does not request permanent presence, nor does it ask to modify other skills or system-wide agent settings.
