Skill v1.0.0
ClawScan security
Multica Manager · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Apr 29, 2026, 11:40 PM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill claims to manage Multica agents but its runtime instructions assume a multica CLI, python3, and session tokens/keys while the skill metadata declares no required binaries or credentials — this mismatch could lead to misconfiguration or accidental credential exposure.
- Guidance: This skill mostly does what it says (manage Multica issues/agents) but the SKILL.md expects a 'multica' CLI, python3, and session/multica tokens while the metadata declares none — treat that as a red flag. Before installing or enabling: (1) confirm you have the multica CLI and python3 available; (2) verify where tokens/session-keys come from and avoid placing secrets in plain text logs (consider using env vars or a secret store); (3) test in a safe environment to confirm the exact credentials and file paths the skill will use; (4) if you want clearer safety, ask the publisher to declare required binaries and env vars (e.g., MULTICA_TOKEN, SESSIONS_KEY) and to avoid embedding or suggesting storing secrets in clear logs. If you cannot validate those points, consider treating the skill as untrusted or sandboxing its runtime.
Review Dimensions
- Purpose & Capability (concern): The SKILL.md clearly expects a 'multica' CLI and Python to be available and shows operations like 'multica issue create' and 'multica agent list'. However the skill metadata lists no required binaries or credentials. Requiring the Multica CLI and an authenticated token is coherent with the stated purpose, but the metadata omission is an inconsistency that could mislead users about what the skill actually needs.
- Instruction Scope (concern): Instructions direct the agent to run multica CLI commands, run a python3 one-liner to parse JSON, and write logs to ~/.openclaw/workspace/logs/multica-tasks.log. They also include example pseudocode using sessions_send with a 'sessionKey'. These runtime actions access local files and require credentials (Multica token or session keys) that are not declared. The instructions are specific (not overly vague) but reference secrets and file paths outside the skill metadata.
- Install Mechanism (ok): This is an instruction-only skill with no install spec and no packages fetched at install time, which is lower risk. Note: runtime behavior writes to a user log path and executes local CLI/python commands if available — nothing is installed by the skill itself.
- Credentials (concern): The SKILL.md explicitly says the CLI must be logged in (token configured) and shows use of a sessions_send(sessionKey=...) pattern, implying secrets are needed. Yet the skill declares no required environment variables or primary credential. That omission is disproportionate: the skill needs access to service tokens/session keys but does not declare or document how they should be provided or protected.
- Persistence & Privilege (note): always: false and user-invocable: true (default) — normal. The skill logs actions to ~/.openclaw/workspace/logs which is a reasonable local footprint for audit, but users should note logs may contain task titles or identifiers. The skill does not request system-wide changes or modify other skills' configs.
