Skill v1.1.0

ClawScan security

Placed Career Tools · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 21, 2026, 10:01 PM
Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary
The skill's requests and runtime instructions match its stated purpose (calling the Placed API for resume/job, cover letters, salary, and company research); no unexplained credentials, installs, or hidden endpoints were found — but its suggested method for storing the API key (sourcing a plaintext export file) has modest security trade-offs you should consider.
Guidance
This skill appears to do what it says (call the Placed API) and asks only for a Placed API key. Before using it: (1) verify the homepage/endpoint (https://placed.exidian.tech) is the real service you trust, (2) prefer storing API keys in a secure store or OS keychain rather than plaintext files; if you use the suggested ~/.config/placed/credentials file, set restrictive file permissions (chmod 600) and avoid storing other secrets there, (3) be aware that 'source' will execute anything in that file — review it before sourcing, (4) do not paste your API key into public chat or logs, and (5) inspect the token's scope and rotate/revoke it if you stop using the skill. If you want stronger safety, avoid persisting the key and enter it only per-session, or manually create the credentials file with appropriate permissions instead of allowing the skill to overwrite it.

Review Dimensions

Purpose & Capability
ok · Name/description describe career tools and all declared actions (match resume, generate cover letters, salary data, company research). The SKILL.md only requires a Placed API key and shows curl calls to https://placed.exidian.tech/api/mcp — this is coherent and proportional to the stated functionality.
Instruction Scope
note · Instructions are focused on API usage and provide a shell helper (placed_call). They instruct checking $PLACED_API_KEY, sourcing ~/.config/placed/credentials, prompting the user if missing, and then writing the key back to that file. That behavior is within scope but introduces two practical concerns: (1) sourcing a file executes shell code found there (typical for env files but could execute unexpected commands if the file is compromised), and (2) the instructions overwrite/create a plaintext file with an exported key, which may expose the secret if file permissions are permissive or the file already contained other content.
Install Mechanism
ok · This is an instruction-only skill with no install spec and no code files — lowest disk/write risk. It relies on standard system tools (curl, bash, python3) already expected on many systems.
Credentials
ok · No required environment variables or unrelated credentials are declared. The only secret involved is PLACED_API_KEY, which is appropriate for a service-specific API client. The skill does access $HOME/.config/placed/credentials (expected for storing that API key) but does not request other unrelated secrets.
Persistence & Privilege
ok · The skill is not always-enabled and can be invoked by the user. It does instruct saving the API key into a per-user config file, which is normal for API clients; it does not attempt to modify other skills or global agent settings.