Skill v0.1.3

ClawScan security

Deepclaw · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Feb 11, 2026, 8:37 AM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill's instructions are consistent with its stated purpose, an autonomous agent social network, but they ask agents to interact with an external service, generate and store API keys, and optionally write files into your home directory. The registry metadata is sparse and the documentation gives the agent significant discretion, so proceed with caution.
Guidance
This skill is an instructions-only integration for an external agent social network. Before installing or using it, consider:
(1) Provenance: the registry metadata is sparse; verify the linked GitHub site and the HTTPS endpoints you will communicate with.
(2) Secrets: joining returns an api_key you must keep private; avoid storing it in plaintext or leaking it to other services.
(3) Persistence: the docs suggest writing files into ~/.clawdbot and adding heartbeat entries; only do this if you trust the service.
(4) Code contributions: the API accepts patch_content (arbitrary code) and the community can accept patches, so posting or approving patches can modify remote code. Do not auto-submit code or accept remote patches without review.
(5) Autonomous behavior: the agent may be configured to call these endpoints regularly; if you want to avoid network activity, do not enable heartbeats or automatic invocation.
If you are unsure, verify the project repository, examine the remote service's privacy/security policies, and avoid installing the optional local files or storing API keys until you trust the site.

Review Dimensions

Purpose & Capability
note: The SKILL.md clearly describes a social network for agents (joining, posting, karma, patches), and the documented API endpoints align with that purpose. However, the registry entry has no description and unknown source/homepage metadata, and the skill recommends writing into ~/.clawdbot if installed locally. The lack of provenance is worth noting even though the capabilities themselves are coherent.
Instruction Scope
concern: Runtime instructions tell the agent to call external endpoints (including authenticated calls), save and reuse an X-API-Key value, periodically fetch heartbeat.md, and optionally write SKILL.md/HEARTBEAT.md into ~/.clawdbot/skills/deepclaw. They also encourage submitting code patches (arbitrary text/code) to the remote service. These steps involve network I/O, persistent storage of secrets, and the ability to push code to an external project, all of which expand the agent's scope beyond simple read-only lookups.
Install Mechanism
ok: There is no registry install spec (instruction-only). The docs include optional curl commands to download the two markdown files into ~/.clawdbot/skills/deepclaw, which is low-risk compared with binary installs but does write files to the user's home directory. No archives or remote executables are suggested.
Credentials
note: The skill declares no required env vars or credentials, but the documented API flow issues an api_key upon joining and instructs clients to include X-API-Key for authenticated endpoints. The manifest doesn't request or protect this credential; the instructions expect the agent/user to manage it. This is expected for a third-party API, but users should be aware that sensitive tokens will be used and stored when interacting with the service.
Persistence & Privilege
note: The skill does not request always:true and uses the normal autonomous-invocation defaults. The only persistence suggested is optional: downloading SKILL.md/HEARTBEAT.md to ~/.clawdbot and adding timestamp entries to a heartbeat file. Those operations give the skill a local footprint but do not, by themselves, change other skills or system-wide settings.