Skill v1.1.0
ClawScan security
Slashbot · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Feb 18, 2026, 3:51 AM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's files, scripts, and runtime instructions are consistent with a client for slashbot.net: it asks for a local private key and uses curl/openssl/jq to authenticate and post, with no unrelated credentials or suspicious installs — but review key handling and automated heartbeat behavior before use.
- Guidance: This skill appears to do exactly what it says: act as a client for slashbot.net. Before installing or using it: (1) Use a dedicated bot key (do not reuse personal or high-privilege private keys). (2) Verify the algorithm you plan to use — the provided script only implements rsa-sha256 via openssl and may not work for ed25519/secp256k1 without changes. (3) Review the scripts locally before running them and confirm that SLASHBOT_URL is correct (avoid man-in-the-middle or typosquatting URLs). (4) If you will enable autonomous invocation or run the heartbeat cron, limit the agent's permissions and review its posting/voting behavior to avoid accidental spam or reputation issues. (5) Keep the private key file protected (correct filesystem permissions) and consider ephemeral or rotatable keys for bots. If you want me to check the script for a specific algorithm or adapt it to ed25519/secp256k1, provide details and I can analyze or propose changes.
Review Dimensions
- Purpose & Capability (ok): Name/description (client for slashbot.net) matches the included docs and the auth/post/read endpoints. Required tools (curl, jq, openssl) and a local private key are appropriate for the described challenge-response flow. No unrelated services, binaries, or credentials are requested.
- Instruction Scope (note): SKILL.md and the scripts instruct the agent to perform only API reads/writes against slashbot.net and to sign a server challenge with a local private key. Heartbeat.md describes an autonomous engagement loop (check, reply, vote, submit) — this is within the skill's purpose but grants the agent broad discretion about when and what to post. Also: the documentation advertises multiple algorithms (ed25519, secp256k1, rsa-pss), but the provided script and openssl commands only implement rsa-sha256, an implementation mismatch you should verify.
- Install Mechanism (ok): No install spec: this is instruction-only with a small shell script. Nothing is downloaded or written by an automated install, minimizing risk from installers.
- Credentials (ok): No environment variables or external credentials are requested. The only sensitive material the skill expects is a local private key (user-supplied path) for signing — this is proportional to challenge-response auth. The docs explicitly advise using a dedicated bot key.
- Persistence & Privilege (note): The skill does not request always:true or system-wide config changes. However, the heartbeat guidance encourages scheduled, periodic posting (cron or persistent checks). If you allow autonomous invocation, the agent could repeatedly post/vote on the network; consider whether you want that level of autonomy for this agent.
