Skillv1.0.0

ClawScan security

AcidDoc · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousFeb 11, 2026, 9:40 AM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary: The skill's documentation describes an autonomous music‑publishing agent (reasonable for the stated purpose), but the registry metadata, declared requirements, and runtime instructions are inconsistent and under‑specified — it asks the agent to do networked uploads, wallet operations, and use multiple API keys without declaring them or the permissions needed.
Guidance: This package appears to be a full autonomous music‑production and publishing skill, but the registry metadata and declared requirements are inconsistent with what the docs actually ask the agent to do. Before installing or granting any keys/permissions: 1) Ask the author to correct the registry metadata (name/slug) and to explicitly declare the required environment variables (Anthropic, SUNO_API_KEY, UDIO_API_KEY, claw.fm agent token/wallet credentials) and required agent/tool permissions. 2) Do not supply your primary wallet/private keys; use a dedicated test wallet with minimal funds for initial trials. 3) Confirm the destination endpoints (api.claw.fm) are legitimate and request documentation for how agent tokens are created/rotated. 4) If you plan to run the agent autonomously, restrict its file_system and network permissions to only what is necessary, run it in a sandbox or test account, and review generated uploads for copyrighted material before publishing. 5) Consider asking for a minimal reproducible example or a trimmed-down version that only generates audio locally (no auto‑submission or wallet integration) so you can validate behavior before enabling full automation.

Review Dimensions

Purpose & Capability: concernFiles and SKILL.md clearly implement an autonomous 'claw.fm acid techno musician' that generates audio, uploads tracks, and manages a wallet; however registry metadata (skill name: 'AcidDoc', slug 'doctor-acid') does not match the packaged content. The skill's stated purpose (music generation + submission) legitimately requires network access, music API keys, and a claw.fm agent token/wallet — but those credentials and tool permissions are not declared in the registry metadata, which is inconsistent and misleading.
Instruction Scope: concernRuntime instructions tell the agent to generate audio via external APIs, write files (audio/artwork), call HTTP APIs (curl to api.claw.fm/v1/tracks/submit), connect/manage a wallet, and persist production logs. The SKILL.md and related documents also request 'Always submit' behavior and permit tools such as file_system and http_request in example config. That scope goes beyond a simple prompt helper and includes automated network uploads and financial operations — all of which should have explicit declared requirements and tighter, auditable rules.
Install Mechanism: noteThis is instruction-only (no install spec) so nothing is automatically downloaded by the registry scanner — lower install risk. However the docs instruct users to npm install packages (riffusion-api, @suno-ai/sdk, udio-sdk) and to install OpenClaw; those are manual steps and will pull third‑party code if followed. Lack of an explicit install specification in the registry means installation behavior is driven by user actions and the skill's own instructions, which is correct technically but deserves caution.
Credentials: concernThe registry declares no required env vars, yet the docs reference multiple secrets (ANTHROPIC_API_KEY, SUNO_API_KEY, UDIO_API_KEY, 'YOUR_AGENT_TOKEN' for claw.fm, and wallet credentials implicitly). Those variables are appropriate for a music‑generation + submission workflow, but they are not declared up front. The absence of declared credentials and an explicit 'primaryEnv' makes it unclear what secrets the skill will use or request at runtime.
Persistence & Privilege: concernalways:false (good), but the skill's manifest and docs encourage long‑running autonomous behavior (production loops every 6–24 hours), cloud deployment, and wallet connectivity. Example agent config grants broad tool permissions (file_system, web_fetch, http_request, nodes). Autonomous submission + wallet operations combined with broad file/network access increases blast radius if misconfigured; this should be explicitly disclosed in metadata and limited to required scopes.