Skill v1.0.0

ClawScan security

Anspire Search · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Apr 9, 2026, 6:20 AM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill mostly does what it claims (it wraps an HTTP search API), but two things do not match up: the registry metadata omits the ANSPIRE_API_KEY that the code and SKILL.md require, and SKILL.md explicitly tells the agent to write that API key persistently into the user's shell config. Proceed with caution.
Guidance
This skill appears to be a straightforward wrapper around a hosted search API (plugin.anspire.cn) and requires an ANSPIRE_API_KEY, but the registry metadata does not declare that requirement, and the SKILL.md tells the agent to write the key persistently into your shell config. Before installing or handing over a key:

1) Confirm you trust the domain (https://plugin.anspire.cn) and the skill author; the source and homepage are missing from the registry entry.
2) Prefer to set the API key yourself, manually or only for the current session, rather than letting the agent auto-write to your ~/.bashrc or ~/.zshrc; ask for the exact command the skill will run and review it line by line.
3) Use a least-privilege, rotatable API key if the provider offers one, and consider storing it in a system credential manager instead of a plaintext rc file.
4) If you refuse persistent storage, the skill still works with a session-only export: both scripts check for ANSPIRE_API_KEY in the environment.
5) If provenance concerns you, ask for a verifiable homepage or repository before proceeding.

If you want, I can show the exact commands the skill would run to persist the key so you can approve or edit them first.
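The session-only path, the review step and the after-the-fact audit from the guidance above, as an added shell example that is not part of the ClawScan report or the Anspire Search skill. Only the variable name ANSPIRE_API_KEY and the ~/.bashrc / ~/.zshrc targets come from the report; the function names and the scrub behaviour are assumptions for illustration.

```shell
# Added example; not code from the ClawScan report or the Anspire Search skill.
# Function names and the scrub/audit behaviour are assumptions for illustration;
# ANSPIRE_API_KEY and the ~/.bashrc / ~/.zshrc targets are what the report describes.

# Session-only setup: the key exists in this shell and is gone when it exits.
# Both wrapper scripts check for ANSPIRE_API_KEY in the environment, so this is
# sufficient to run them without touching any rc file.
anspire_set_session_key() {
    key="$1"
    case "$key" in
        ''|*[[:space:]]*)
            echo "refusing empty or whitespace-containing key" >&2
            return 1 ;;
    esac
    export ANSPIRE_API_KEY="$key"
}

# Prints, without writing anything, the exact line a persistent setup would
# append to ~/.bashrc or ~/.zshrc. Read it before approving any agent-run write.
anspire_persist_line() {
    printf "export ANSPIRE_API_KEY='%s'\n" "$1"
}

# Show only the first and last four characters when a key must appear in a
# transcript or log (the opposite of "never mask or truncate the key").
anspire_mask_key() {
    key="$1"
    if [ "${#key}" -le 8 ]; then
        printf '********\n'
    else
        prefix=$(printf '%.4s' "$key")
        suffix=${key#"${key%????}"}
        printf '%s****%s\n' "$prefix" "$suffix"
    fi
}

# Audit an rc file for a plaintext ANSPIRE_API_KEY assignment, e.g. after an
# agent has already run its "automatic" setup. Returns 0 = found, 1 = clean.
ANSPIRE_RC_PATTERN='^[[:space:]]*(export[[:space:]]+)?ANSPIRE_API_KEY='
anspire_rc_has_key() {
    grep -Eq "$ANSPIRE_RC_PATTERN" "$1" 2>/dev/null
}

# Remove such lines in place (writing through the existing file keeps its
# inode and permissions). Rotate the key afterwards: it sat on disk in plaintext.
anspire_scrub_rc() {
    tmp=$(mktemp) || return 1
    grep -Ev "$ANSPIRE_RC_PATTERN" "$1" > "$tmp" || true
    cat "$tmp" > "$1" && rm -f "$tmp"
}

# Typical use (interactive):  read -r key; anspire_set_session_key "$key"; unset key
#                             anspire_rc_has_key ~/.bashrc && anspire_scrub_rc ~/.bashrc
```

anspire_persist_line is deliberately print-only: the point is that the user, not the agent, decides whether that line ever reaches an rc file.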

Review Dimensions

Purpose & Capability
concern: The skill's code, README, and SKILL.md all require an ANSPIRE_API_KEY and call https://plugin.anspire.cn, which is coherent with a web-search skill. However, the registry metadata lists 'Required env vars: none', so the declared requirements disagree with the actual files and instructions. The skill's source and homepage are also 'unknown' or missing in the registry metadata, which weakens provenance.
Instruction Scope
concern: SKILL.md instructs the agent to proactively ask for the user's API key and then 'automatically configure it persistently' by detecting the shell, writing export lines into ~/.zshrc or ~/.bashrc (or running setx on Windows), and sourcing the modified files. Writing persistent environment configuration and running source are plausible setup steps for an API-backed search tool, but they are intrusive and raise the risk if done without explicit, line-by-line user confirmation. Apart from that persistence step, runtime behavior is limited to calling the plugin.anspire.cn API (curl/urllib), which matches the stated purpose.
Install Mechanism
ok: No install spec; the skill is instructions plus two small wrapper scripts. There are no downloads from unknown URLs and no archives to extract, so install risk is low.
Credentials
concern: The only secret the skill needs is ANSPIRE_API_KEY, which is proportionate to a hosted search API. However, the registry metadata omits this required env var while SKILL.md and both scripts enforce it; the user should notice that mismatch. SKILL.md's insistence on persistent storage, and its instruction never to mask or truncate the key, also widen the exposure of that secret.
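The declared-versus-actual mismatch flagged under Purpose & Capability and again here can be checked mechanically. The following is an added shell example, not code from the ClawScan report or the Anspire Search skill: it lists the environment variables a skill's files actually read and compares them with what the registry declares. Function names are assumptions, the file names in the usage comment are hypothetical, and the patterns are a heuristic rather than a parser.

```shell
# Added example; not code from the ClawScan report or the Anspire Search skill.
# Mechanically checks the incoherence the report describes: the variables a
# skill's files actually read versus what the registry metadata declares.
# Function names are assumptions; the regexes are a heuristic, not a parser.

# Print the environment variable names referenced under DIR, one per line, sorted.
# Catches shell ($NAME, ${NAME}) and Python (os.environ["NAME"],
# os.environ.get("NAME"), os.getenv("NAME")) references, i.e. the curl/urllib
# wrappers the report mentions. Common shell variables are dropped so that only
# configuration and secrets remain.
skill_referenced_env() {
    LC_ALL=C grep -rhoE \
        '\$[{]?[A-Z][A-Z0-9_]+|(environ|getenv)[^A-Z]*[A-Z][A-Z0-9_]+' \
        "$1" 2>/dev/null \
      | LC_ALL=C grep -oE '[A-Z][A-Z0-9_]+' \
      | grep -vE '^(PATH|HOME|SHELL|USER|PWD|OS|TMPDIR)$' \
      | sort -u
}

# Compare the referenced names with the registry's declared list (space
# separated; "none" or "" means nothing declared). Prints each undeclared
# variable and returns 1 if any exist, 0 if the metadata matches the code.
skill_env_mismatch() {
    dir="$1"
    declared="$2"
    if [ "$declared" = "none" ]; then
        declared=""
    fi
    status=0
    for name in $(skill_referenced_env "$dir"); do
        case " $declared " in
            *" $name "*) ;;
            *)
                echo "undeclared: $name"
                status=1 ;;
        esac
    done
    return "$status"
}

# Typical use against an unpacked skill whose registry entry says
# "Required env vars: none" (directory name is hypothetical):
#   skill_env_mismatch ./anspire-search none
```

A non-zero exit from skill_env_mismatch is exactly the situation this report describes: the code insists on a secret that the registry entry never mentions.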
Persistence & Privilege
concern: The skill is not marked always:true and does not modify other skills, which is good. However, the runtime instructions encourage or automate persistent modification of the user's shell configuration (and sourcing it), which gives the skill the ability to change the user's environment across sessions. That is reasonable for API-key setup, but it should happen only with explicit user approval and with the exact commands shown before anything is written.