Skillv1.0.0

ClawScan security

InspirAI API Spec · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

ReviewMar 15, 2026, 2:07 PM

Verdict: Review
Confidence: medium
Model: gpt-5-mini
Summary: The skill's described functionality (managing local API spec files and a local registry) is coherent, but the runtime instructions perform filesystem and git operations while the manifest omits required binaries/credentials and does not explicitly acknowledge use of the user's git credentials or home directory—this mismatch warrants caution.
Guidance: What to consider before installing: - This skill will read your project source files (routes, handlers), create/update files in your project root (e.g., .api-spec.yaml), and operate on a local registry at ~/.apispec/registry (it will run git clone/pull and likely git commit/push). - The manifest does not declare required binaries (e.g., git, find). Make sure git and other CLI tools are available and that you understand how the skill will authenticate to remotes (it will use your existing git credentials—SSH keys or credential helper). If you have sensitive repos or credentials, avoid allowing automatic pushes. - The skill may write to your home directory and repository working trees; back up important files and review generated .api-spec.yaml and any changes before committing or pushing. - If you want to reduce risk: run the tool manually in a controlled environment (local clone), review the SKILL.md steps, or restrict the agent so it cannot run the update flow autonomously (require explicit confirmation for clone/push/overwrite operations). - If possible, ask the publisher for clarification: add required binaries (git), explicit mention of git pushes and authentication method, and an explicit list of files/paths the skill will read and write. If you cannot verify the source, treat it cautiously.

Review Dimensions

Purpose & Capability: noteThe skill's name and description match the instructions: init/lookup/search/update for an API-spec registry. However, the SKILL.md instructs use of shell utilities (git clone, git pull, find, creating files under ~/.apispec) while the skill's manifest lists no required binaries or config paths. At minimum, 'git' and common shell tools should be declared. The intent is plausible, but the manifest omission is an inconsistency.
Instruction Scope: concernRuntime instructions read project source files (routes, router files), create and modify files (e.g., .api-spec.yaml, optional .gitignore entries), and operate on a spec repo under ~/.apispec/registry (git clone/pull). The skill may iterate over all projects in the registry and read YAML/API files. The update flow (truncated in the provided content) likely includes writing spec files and performing git commits/pushes. Those actions give the skill the ability to read many local files and interact with remote repos; this is within the stated purpose but expands scope to include network access and modification of local/home files and repository history—users should expect that behavior and be warned.
Install Mechanism: okInstruction-only skill with no install spec and no code files. That minimizes install-time risk since nothing is downloaded or written by an installer. Runtime file and git operations remain the primary risk surface.
Credentials: concernThe manifest declares no required environment variables or credentials, yet the instructions implicitly rely on the user's git configuration/credentials (SSH keys, credential helpers) and access to the home directory (~/.apispec/registry). The skill will therefore use whatever git auth is configured on the host without declaring it. This is reasonable functionally, but the lack of explicit declaration is a proportionality/visibility issue: the skill can cause remote pushes or read private repos using existing credentials.
Persistence & Privilege: noteThe skill is not always-enabled and is user-invocable; autonomous invocation is allowed (platform default). The instructions write files to project roots and to ~/.apispec/registry and may perform git commits/pushes, so installed runs can have persistent effects. This is expected for an 'update' capability but increases blast radius if allowed to run autonomously—consider limiting autonomous invocation or requiring explicit user confirmation for destructive actions (git push, overwrites).