Skillv1.0.0

ClawScan security

deAPI - AI Media Generation Toolkit · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousMar 12, 2026, 9:59 AM

Verdict: suspicious
Confidence: high
Model: gpt-5-mini
Summary: The skill's instructions are coherent for a deAPI media client, but the package metadata omits the required DEAPI_API_KEY and the runtime guidance includes uploading/downloading arbitrary user URLs (possible data exfiltration risk), so the registry metadata and declared requirements are inconsistent with the actual runtime behavior.
Guidance: Key things to consider before installing: - The skill requires a DEAPI_API_KEY at runtime (SKILL.md shows export DEAPI_API_KEY) but the registry metadata does not declare this; expect to provide an API key if you use it. - Using the skill means media (files/URLs you supply) will be downloaded and uploaded to deapi.ai — do not supply private or sensitive URLs/files unless you trust deapi.ai and understand its privacy/retention policy. - The skill provides webhook/websocket samples; if you configure webhooks, ensure you properly implement signature verification and keep any webhook secrets private. - Because the skill can be invoked autonomously by the agent, an exposed DEAPI_API_KEY (or one you set globally) could be used without explicit prompts. Prefer scoping credentials and use per-project keys if possible. - Ask the publisher to correct the package metadata to declare DEAPI_API_KEY (and any other required env vars) so registry tooling and reviewers can accurately assess the need for secrets. - If you have low trust in deapi.ai or need strong privacy guarantees, do not use this skill for sensitive media; consider running local or self-hosted tools instead.

Review Dimensions

Purpose & Capability: noteName/description match the instructions: this is a deAPI client for image/audio/video/OCR/embeddings and related tasks. The functionality described (calling deapi.ai endpoints) is consistent with the skill's purpose. However, the registry metadata lists no required environment variables while SKILL.md explicitly requires DEAPI_API_KEY — a clear mismatch.
Instruction Scope: noteSKILL.md provides step-by-step cURL flows for job submission, polling, result fetching, and sample webhook/websocket boilerplate. It instructs the agent to download user-provided URLs to /tmp and then upload them to deapi.ai (expected for media processing). This is within scope but does involve downloading arbitrary remote content and sending it to a third-party service — a privacy/exfiltration concern if users provide sensitive URLs or files. The instructions do not tell the agent to read unrelated system files or other creds.
Install Mechanism: okInstruction-only skill with no install spec and no code files — minimal filesystem footprint and no arbitrary third-party packages to fetch at install time.
Credentials: concernSKILL.md requires DEAPI_API_KEY (and shows how to export it), but the registry metadata reported no required env vars or primary credential. That mismatch is concerning: the skill needs a network API key (appropriate for its purpose) but the package metadata fails to declare it. No other unrelated credentials are requested.
Persistence & Privilege: okalways is false and the skill does not request any system-level persistence or modify other skills. disable-model-invocation is false (normal), so the skill can be invoked autonomously; combined with the undeclared API key requirement this increases risk if the key is provided but the user is unaware of autonomous calls.