Back to skill
Skillv1.0.0
ClawScan security
agent-workflow-designer · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
SuspiciousMar 11, 2026, 3:17 PM
- Verdict
- suspicious
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- The skill describes multi-agent orchestration and includes code that calls external LLM APIs (Anthropic/Claude) and platform-specific systems, but it declares no credentials or install steps and contains truncated/malformed examples — the declared metadata does not match what the instructions actually require.
- Guidance
- This skill’s documentation contains real-looking code that calls external LLM APIs (Anthropic/Claude) and refers to other orchestration platforms, but it does not declare any required API keys or installation steps and several code samples are truncated or malformed. Before installing or enabling: 1) ask the publisher to list required environment variables (e.g., ANTHROPIC_API_KEY) and to explain where data is sent; 2) request working, complete example code and explicit guidance about credential/scoping best practices; 3) if you must run it, use isolated/test environment and only provide least-privilege, scoped API keys (not broad account keys); 4) prefer skills that declare their dependencies and do not silently call external services. Because of the mismatches and incomplete examples, proceed cautiously or treat this as a draft until clarified.
Review Dimensions
- Purpose & Capability
- concernThe SKILL.md content matches the stated purpose (multi-agent workflow design) and includes concrete patterns and platform-specific guidance. However, the examples explicitly instantiate an Anthropic client and reference Claude models and other platforms (OpenClaw, CrewAI, AutoGen) while the skill metadata declares no required environment variables, credentials, or installs. This mismatch (external API usage without declared credentials or prerequisites) is incoherent.
- Instruction Scope
- concernThe runtime instructions and code samples direct the agent to make network/API calls (e.g., anthropic.Anthropic client usage, model calls, token accounting) and to synthesize results. The SKILL.md does not instruct reading unrelated local files, but it omits how credentials are provided and contains truncated/malformed code fragments (syntax errors and a truncated section) that make actual behavior unclear. The agent would be expected to send user data to third-party APIs but the guide doesn't declare or constrain that.
- Install Mechanism
- okThere is no install spec and no files beyond SKILL.md, so nothing will be written to disk or installed automatically by the registry. Instruction-only is low risk in terms of installation surprises.
- Credentials
- concernThe examples require access to Anthropic/Claude APIs (implying an API key or similar credential) and potentially other platform-specific credentials, but the skill's metadata lists no required environment variables or primary credential. Requiring zero env vars while showing code that calls external services is disproportionate and ambiguous — it fails to state what secrets would be needed and how they should be scoped/managed.
- Persistence & Privilege
- okThe skill is not always-enabled and does not request elevated platform privileges. Autonomous invocation is allowed by default (noted), which is normal; there is no indication the skill modifies other skills or global agent settings.