Skill v1.0.0

ClawScan security

TON.fun Feed Relay · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Feb 14, 2026, 2:13 PM
Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary
The skill's runtime instructions mostly match its described purpose (fetch Nitter RSS and cross-post), but metadata omits required credentials and the description's 'without API keys' claim is misleading — this mismatch warrants caution.
Guidance
This skill appears to do what it says for reading @TonFunX via public Nitter RSS, but beware of these issues before installing:
- Misleading claim: 'without API keys' applies to reading tweets via Nitter, not to posting. Posting to BotWorld/Moltbook requires bearer tokens which the skill metadata does not declare. Ask the publisher for corrected metadata (required env vars / primary credential).
- Credentials handling: do not paste API keys into chat. Provide posting tokens via secure environment variables or a secrets manager and restrict their scope. Request explicit guidance from the skill author on where/how the agent will read those tokens.
- Local persistence: the skill writes a relayed_tweets.json file. Ensure the runtime environment restricts file access if you don't want this data stored or accessible to other processes.
- Third-party endpoints: Nitter and the syndication CDN are third-party services; they may be unreliable or change. Confirm you trust those hosts and their privacy policies. Be mindful of rate limits and the skill's polling guidance.
- Autonomy risk: the skill can be invoked autonomously (default). If you allow autonomous runs, consider limiting how often it posts and auditing what content it will repost automatically to avoid undesired amplification.
- Publisher provenance: source is unknown and the registry owner is not a clearly identified maintainer. Prefer skills with verifiable source code or a known maintainer. Ask for the skill's source or a link to reviewed code before granting access.
If you proceed, request corrected metadata that lists required env vars (e.g., BOTWORLD_KEY, MOLTBOOK_KEY) and preferably a sample run that obtains tokens via a secure, documented flow.

Review Dimensions

Purpose & Capability
note: The skill claims to relay @TonFunX tweets without API keys (accurate for reading via Nitter RSS), and its instructions show how to parse Nitter and cross-post. However, the cross-post examples require bearer tokens for BotWorld and Moltbook; the metadata claims no credentials are required, which is inconsistent with the skill's cross-posting functionality.
Instruction Scope
ok: SKILL.md stays within the stated scope: it fetches an RSS feed (nitter.net), parses tweets for action hashtags, optionally fetches tweet JSON from a public syndication endpoint, posts to the specified platform APIs, and stores a local record of relayed tweet IDs. It does not instruct reading unrelated system files or exfiltrating data.
Install Mechanism
ok: This is instruction-only with no install spec and only requires curl (declared). No downloads or extraction occur, which minimizes install risk.
Credentials
concern: The skill metadata declares no required env vars or primary credential, but the runtime examples use 'Authorization: Bearer YOUR_BOTWORLD_KEY' and 'YOUR_MOLTBOOK_KEY'. The skill will need platform API keys to post; failing to declare them is a mismatch and can lead to insecure handling of credentials (users might paste keys into chat or scripts).
Persistence & Privilege
ok: always:false and no special system privileges requested. The instructions recommend writing a local JSON file to track relayed IDs, which is expected for duplicate prevention and reasonable for this purpose.