Skill v1.0.0
ClawScan security
Clone Farm Detector · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Feb 22, 2026, 4:50 AM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's stated purpose (detecting clone-farming) is plausible, but the instructions are vague about how data is acquired/processed and the declared runtime needs (curl, python3) are not accompanied by any code or concrete API usage—this mismatch warrants caution before installing or running it.
- Guidance: This skill describes a sensible analytic purpose, but the runtime instructions are high-level and do not include scripts, endpoints, or handling rules. Before installing or running it:
  1. Confirm how the agent will obtain marketplace data (public pages vs private APIs) and whether any credentials are needed — don't supply secrets unless you understand where they will be used.
  2. Ask the skill author for concrete commands or scripts (or an install package) if you want the skill to run local analysis with curl/python3; otherwise the agent may try ad-hoc network calls.
  3. If you plan to scan private or sensitive skills, require assurances (and ideally code) showing how data is stored/transmitted and that no external exfiltration occurs.
  If the author cannot provide clearer runtime details, treat the skill cautiously or test it in a sandboxed environment.
Review Dimensions
- Purpose & Capability (note): Name and description (detect clone farming in a marketplace) align with requiring network fetch and analysis tools. However, the skill declares required binaries (curl, python3) despite being instruction-only and providing no scripts; that's plausible but not strictly justified by the materials provided. No environment variables or credentials are requested, which is consistent with a read-only public-scan use case, but the skill does not explain how it will access marketplace data (public endpoints vs. private APIs).
- Instruction Scope (concern): SKILL.md describes expected inputs (Capsule/Gene JSONs, publisher node id, or search term) and outputs, and lists what it checks, but it lacks concrete runtime instructions: it does not specify how to fetch marketplace data, what endpoints to call, or whether fetching requires credentials. The document also doesn't say whether any collected code or metadata will be transmitted externally. The lack of precise commands or safe-handling guidance grants wide discretion to the agent and could lead to unexpected data access or exfiltration if the agent implements its own fetching logic.
- Install Mechanism (ok): There is no install spec and no code files — lowest-risk install surface. No downloads or package installs are declared.
- Credentials (note): The skill requests no environment variables or credentials, which is proportionate for a public-data analysis. That said, realistically scanning publisher catalogs or private marketplace APIs may require credentials or elevated access; the absence of any guidance about credential requirements or safe handling is a gap. If you plan to feed private marketplace data, be aware credentials might be needed and are not declared here.
- Persistence & Privilege (ok): The skill does not request persistent/always-on presence (always: false) and does not request other skills' configs or system-wide settings. Autonomous invocation is allowed (the platform default) but not excessive here.
