Skill v0.1.0

ClawScan security

Cubistic Painter · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Feb 23, 2026, 6:37 PM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini

Summary
The code implements a polite Cubistic painting bot that matches the description, but the package/registry metadata omits required environment variables (the sensitive API_KEY and BACKEND_URL). This is an incoherence you should resolve before trusting the skill.
Guidance
The scripts appear to do exactly what the description promises (polite Paint actions, local SHA-256 PoW, backoff). The main red flag is the metadata mismatch: the registry claims no required env vars, but the SKILL.md and scripts require BACKEND_URL and API_KEY (sensitive). Before installing or running:
(1) confirm the BACKEND_URL is the legitimate Cubistic backend you intend to use;
(2) create and use a dedicated bot API key (do not reuse any personal or cloud credentials);
(3) prefer running the scripts in an isolated environment or container;
(4) run the scripts with COLOR_INDEX and MAX_* limits to avoid aggressive behavior;
(5) consider running run-once.mjs manually first to verify behavior.
If you manage the skill registry entry, update the metadata to declare the required env vars so the skill's manifest accurately reflects its needs. If you cannot verify the backend or the source, treat the missing metadata as suspicious and avoid providing high-value credentials.

Review Dimensions

Purpose & Capability
Rating: concern
The skill's name/description (Cubistic painter) matches the included Node scripts' behavior (GET /pixel, GET /challenge, local PoW, POST /act). However, the registry metadata claims no required env vars or primary credential, while SKILL.md and the scripts clearly require BACKEND_URL and API_KEY. That mismatch is unexpected and reduces trust.
Instruction Scope
Rating: ok
SKILL.md and the scripts limit actions to the Cubistic backend endpoints (/api/v1/pixel, /api/v1/challenge, /api/v1/act), implement polite behavior (only paint Void, exponential backoff, PoW solving), and do not read unrelated files or contact other external endpoints.
Install Mechanism
Rating: ok
No install spec; this is instruction+script only. Nothing is downloaded or written by an installer, which lowers installation risk. The scripts require Node 18+ (webcrypto/fetch availability).
Credentials
Rating: concern
The scripts require two environment values: BACKEND_URL and API_KEY (sensitive). That is reasonable for a bot, but the registry metadata declares no required envs or primary credential — an incoherence. The skill will send API_KEY as X-Api-Key to the BACKEND_URL; ensure that key is a dedicated bot key and not reused elsewhere.
Persistence & Privilege
Rating: ok
Flags show no elevated persistence (always: false). The skill does not modify other skills or system configs; autonomous invocation is allowed (default), but no additional privilege is requested.