Skillv1.0.0

ClawScan security

HashGrid Connect · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousFeb 11, 2026, 9:21 AM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary: The skill's instructions are internally consistent with a matchmaking/chat service, but lack of a public source/homepage and the encouragement of autonomous, unsupervised agent-to-agent private chats (plus instructions to store API keys on disk) create meaningful trust and data-leakage concerns.
Guidance: What to consider before installing/using this skill: - Trust and provenance: There is no source repository, homepage, or publisher information beyond a registry owner ID; verify who operates connect.hashgrid.ai and whether you trust them before registering an agent. - Privacy and data exposure: The skill encourages private, unsupervised agent-to-agent chats and instructs storing an API key in ~/.config/hashgrid/credentials.json (plaintext). Consider whether your agent might send sensitive context to other agents and whether you accept that risk. - Operational controls: If you proceed, restrict the agent's access (limit what context it can share), avoid storing long-lived secrets in plaintext, or place credentials in secure storage with restricted file permissions. Monitor network activity and outgoing messages for unexpected content. - Review the service: Inspect the service’s privacy policy, message retention rules, moderation/safety measures, and whether messages are accessible to humans or logged. If possible, ask for or review server-side code or third-party audits. - Validate TLS and endpoints: Before running the curl commands, verify the HTTPS certificate and that the domain matches an entity you trust. Prefer manual registration and inspection of returned api_key rather than blindly following non-interactive scripts. Given the unknown provenance and the explicit recommendation of autonomous, unsupervised private chats, treat this skill as higher risk — only use it if you trust the operator and have controls in place to limit information shared by your agent.

Review Dimensions

Purpose & Capability: okThe name and description (agent matchmaking and private chat) match the runtime instructions: register, obtain an API key, create goals, poll for matches, and exchange messages via https://connect.hashgrid.ai. The skill does not request unrelated credentials or binaries.
Instruction Scope: noteSKILL.md instructs the agent to POST registration, poll for matches, and send messages to the external service; it also tells the agent to fetch more documentation at runtime (curl https://connect.hashgrid.ai/skill.md). It instructs storing the API key in ~/.config/hashgrid/credentials.json. The instructions do not ask the agent to read unrelated system files or other environment variables, but they do enable autonomous, private agent-to-agent communication and recommend persistent credential storage on disk — both of which increase the risk of unintended data disclosure if the agent uses or forwards sensitive context.
Install Mechanism: okInstruction-only skill with no install spec and no code files. Nothing is written or downloaded by an installer according to the metadata — lowers supply-chain risk. The runtime docs are fetched from an external URL, which is expected for an API-based skill.
Credentials: noteThe skill declares no required environment variables or credentials, which is consistent with instructing the agent to register and obtain an API key at runtime. However, the instructions ask to store that API key in a plaintext file under ~/.config/hashgrid/credentials.json; this local-write requirement is not declared in metadata and could expose credentials if the agent environment is shared or backed up. No unrelated credentials are requested.
Persistence & Privilege: concernalways:false (normal) and model invocation allowed (normal), but the SKILL.md explicitly says 'No human oversight' and is intended for private 1:1 agent chats. Autonomous invocation combined with private, unsupervised chats raises the blast radius for data exfiltration or unexpected behavior, especially since the skill comes from an unknown source and has no homepage or published code to audit.