Skill v1.0.1
ClawScan security
Placed Job Tracker · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Review: Mar 21, 2026, 9:59 PM
- Verdict: Review
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's functionality (calling the Placed API) is coherent, but its instructions read and write a plaintext credentials file and then source it, while the registry metadata does not declare the API key the skill requires. Both the metadata mismatch and the sourcing behavior are concerning.
- Guidance: This skill appears to do what it says (call the Placed API), but take these precautions before installing or using it:
  1. Confirm you trust https://placed.exidian.tech and obtain the API key from your account settings there.
  2. Prefer providing the key via an environment variable rather than letting the skill write a plaintext file. If you must store it, inspect the saved file to ensure it contains only a single export line, and restrict its permissions (chmod 600).
  3. Be aware that the skill sources ~/.config/placed/credentials on startup. Sourcing executes the file's contents as shell, so anyone who can modify that file can run arbitrary commands with the agent's privileges.
  4. Ask the publisher to update the registry metadata to declare PLACED_API_KEY as a required credential and to document a secure storage recommendation (or the use of a secrets manager).
  5. If you are concerned about other users or processes on the host reading the key, do not persist it; provide it for the session only.
Review Dimensions
- Purpose & Capability (note): The skill's stated purpose (track job applications via the Placed API) matches the instructions, which call https://placed.exidian.tech/api/mcp. However, the registry metadata declares no required credentials while the SKILL.md clearly expects a PLACED_API_KEY, an omission in the declared requirements.
- Instruction Scope (concern): Runtime instructions tell the agent to source ~/.config/placed/credentials (if present), prompt the user for the API key if it is not set, then write that key into ~/.config/placed/credentials and export it. Sourcing a file in the user's home directory executes shell code if that file has been tampered with. The skill also instructs saving the API key to disk in plaintext without guidance on secure permissions.
- Install Mechanism (ok): This is instruction-only, with no install spec or downloaded code. No files are installed by the skill itself (beyond the instructions that write a credentials file), which lowers code-delivery risk.
- Credentials (concern): The only secret used is PLACED_API_KEY, which is appropriate for a service-integration skill, but the skill does not declare this required environment variable in the registry metadata. It also persistently stores the key in a plaintext config file, a higher-risk pattern that the metadata does not justify.
- Persistence & Privilege (note): The skill does not request always:true or other elevated agent privileges. However, it instructs persistent storage of the user's API key under ~/.config/placed/credentials and sourcing that file on later runs, which gives the skill (and anything that can modify that file) long-lived access to the token. The persistence is at the credential level rather than an agent-level installation.
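The guidance above and the Instruction Scope and Persistence & Privilege findings all turn on the same point: `source` executes whatever is in ~/.config/placed/credentials, so the file must be parsed, not executed. The script below is an added example written for this review, not the skill's own instructions or ClawHub code. It keeps the variable name PLACED_API_KEY and the credentials path from the report; the accepted file format (exactly one `export PLACED_API_KEY=...` line, mode 0600, not a symlink), the permitted key character set, and the demonstration data are this example's own assumptions.

```shell
#!/usr/bin/env bash
# Added example, not the skill's own instructions: a loader that parses
# ~/.config/placed/credentials instead of sourcing it. PLACED_API_KEY and the
# file path come from the scan report; the accepted format (one
# `export PLACED_API_KEY=...` line, mode 0600, not a symlink) is this example's
# own assumption.

# Accept only a regular, non-symlink file with no group/other permission bits.
placed_perms_ok() {
  local f="$1" perms
  if [ ! -f "$f" ] || [ -L "$f" ]; then
    return 1
  fi
  # Columns 5-10 of `ls -l` are the group and other bits; all must be '-'.
  perms=$(ls -ld "$f" | cut -c5-10)
  [ "$perms" = "------" ]
}

# Print the key stored in the file, or fail. Every line must be blank, a
# comment, or the single allowed export line. A tampered line such as
# `$(id)` is reported and rejected, never executed.
placed_parse_key() {
  local f="$1" line value found=""
  local key_re='[A-Za-z0-9._-]+'
  local line_re="^export PLACED_API_KEY=(\"$key_re\"|'$key_re'|$key_re)\$"
  while IFS= read -r line || [ -n "$line" ]; do
    case "$line" in
      ''|'#'*) continue ;;
    esac
    if ! printf '%s\n' "$line" | grep -Eq "$line_re"; then
      echo "credentials: rejected unexpected line: $line" >&2
      return 1
    fi
    if [ -n "$found" ]; then
      echo "credentials: more than one PLACED_API_KEY line" >&2
      return 1
    fi
    value=${line#export PLACED_API_KEY=}
    # Strip a matching pair of quotes around the value, if present.
    case "$value" in
      \"*\") value=${value#\"}; value=${value%\"} ;;
      \'*\') value=${value#\'}; value=${value%\'} ;;
    esac
    found=$value
  done < "$f"
  if [ -z "$found" ]; then
    echo "credentials: no PLACED_API_KEY line found" >&2
    return 1
  fi
  printf '%s\n' "$found"
}

# Populate PLACED_API_KEY for this session. A key already in the environment
# wins, so a user who prefers not to persist the key never touches the file.
load_placed_key() {
  local f="${1:-$HOME/.config/placed/credentials}" key
  if [ -n "${PLACED_API_KEY:-}" ]; then
    return 0
  fi
  if ! placed_perms_ok "$f"; then
    echo "credentials: refusing $f (missing, symlink, or not mode 0600)" >&2
    return 1
  fi
  key=$(placed_parse_key "$f") || return 1
  export PLACED_API_KEY="$key"
}

# Persist a key the way the report recommends: private directory and file,
# written atomically, containing nothing but the single export line.
save_placed_key() {
  local f="$1" key="$2" tmp
  case "$key" in
    ''|*[!A-Za-z0-9._-]*)
      echo "credentials: key contains unexpected characters" >&2
      return 1 ;;
  esac
  tmp="$f.tmp.$$"
  ( umask 077 && mkdir -p "$(dirname "$f")" \
      && printf 'export PLACED_API_KEY=%s\n' "$key" > "$tmp" ) || return 1
  chmod 600 "$tmp" && mv "$tmp" "$f"
}

# Demonstration on constructed data (not a real key) in a scratch directory.
demo_dir=$(mktemp -d)
unset PLACED_API_KEY
save_placed_key "$demo_dir/credentials" "pk_example_0123"
load_placed_key "$demo_dir/credentials" && echo "loaded key: $PLACED_API_KEY"
# A tampered file of the kind `source` would happily execute.
printf 'export PLACED_API_KEY=abc\n$(touch "%s/pwned")\n' "$demo_dir" > "$demo_dir/tampered"
chmod 600 "$demo_dir/tampered"
unset PLACED_API_KEY
load_placed_key "$demo_dir/tampered" || echo "tampered file rejected, nothing executed"
rm -rf "$demo_dir"
```

Replacing the skill's `source ~/.config/placed/credentials` step with `load_placed_key` keeps the convenience of a stored key while removing the code-execution path: a modified file is reported and ignored instead of run, a world-readable or symlinked file is refused outright, and a key already exported for the session means the file is never read at all.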
