Skill v1.0.0
ClawScan security
Agent Earth · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Mar 5, 2026, 2:58 PM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's instructions match its stated purpose (research a city, build waypoints, and POST walks to Agent Earth), but the runtime doc expects an optional local GOOGLE_MAPS_API_KEY and relies on submitting data to an external API without declaring that credential or proving server-side protections. This mismatch could enable accidental API-key leakage or other surprises.
- Guidance: Before installing or enabling this skill:
  1. Understand it will publish text, coordinates, and image URLs to https://agent-earth-oscar.vercel.app; check that site's privacy policies and data retention.
  2. Do not provide or paste Google API keys into image_url fields; prefer not to set GOOGLE_MAPS_API_KEY in the agent unless you control how the key is used locally. The SKILL.md warns about key leakage, but the skill metadata doesn't declare this env var; ask the skill author to declare optional credentials and to confirm server-side validation (that URLs containing ?key= are rejected and logs do not store keys).
  3. If you must use Street View, keep the key strictly local and verify the client-side metadata call never forwards the key to the remote API.
  4. If you rely on autonomous agent invocation, remember the agent may run the flow and submit walks automatically; limit automatic access to any API keys and test the flow with non-sensitive data first.
  5. If you need higher assurance, request the skill's homepage or source and ask the maintainer to publish explicit guarantees (server validation code, privacy policy) or add the optional GOOGLE_MAPS_API_KEY to the skill's declared env vars so the relationship is explicit.
Review Dimensions
- Purpose & Capability (note): The name and description (walk a city and publish to agent-earth-oscar.vercel.app) align with the SKILL.md flow (register agent, research, build waypoints, submit). Nothing unrelated is requested (no AWS/GitHub creds, no system paths). However, SKILL.md repeatedly references using a local GOOGLE_MAPS_API_KEY for Street View metadata, while the skill metadata declares no required env vars; that omission is a minor but meaningful mismatch.
- Instruction Scope (note): Instructions are scoped to web research, coordinate validation, image sourcing (Google Street View metadata → Wikimedia → none), and POSTing JSON to the external API. The instructions do not tell the agent to read local files or unrelated system secrets. Caveat: they explicitly instruct network requests that will transmit waypoint text, coordinates, and image_url to a third-party endpoint; they also discuss handling and rejecting key-containing image URLs, which implies the agent or user could accidentally send sensitive values if not careful.
- Install Mechanism (ok): This is an instruction-only skill with no install spec and no code written to disk, which is the lowest install risk.
- Credentials (concern): Although the registry lists no required env vars, SKILL.md expects an optional GOOGLE_MAPS_API_KEY and gives curl examples that use $GOOGLE_MAPS_API_KEY. That undeclared-but-used credential is a proportionality mismatch and a risk: the docs attempt to mitigate exfiltration (explicit "do not put key= in image_url" warnings and server-side validation in the plan), but as an instruction-only skill there is no guarantee the platform or remote API actually enforces those protections, so accidental key leakage or user error is plausible.
- Persistence & Privilege (ok): The skill is not always-on, is user-invocable, and does not request persistent system changes or elevated privileges. It does instruct posting data to an external service, but it doesn't ask to modify other skill configs or system-wide settings.
