Skill v1.0.0
ClawScan security
Didier.ai Research Workspace · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Apr 12, 2026, 7:50 PM
- Verdict: benign
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill is internally consistent with its stated purpose (a research workspace backed by a Supabase REST API) but it posts user-provided content to a third-party endpoint and includes a published API key in the instructions — review data-sensitivity and autonomy settings before enabling.
- Guidance: This skill legitimately integrates with a Supabase-backed Didier.ai workspace and contains direct HTTP instructions to deposit and retrieve research. Before installing: (1) Do not allow the agent to post sensitive or private data to this third-party endpoint; test with dummy content first. (2) Confirm the provided API key's permissions and that you trust the Didier.ai project owner (the key is embedded in the skill). (3) If you want tighter control, require manual confirmation before any deposit/heartbeat actions or replace the embedded key with a user-provided credential. (4) If you allow autonomous invocation, be aware the skill's heartbeat and deposit flows could cause the agent to send data automatically — limit autonomy or scope accordingly.
Review Dimensions
- Purpose & Capability: ok. The name/description describe a research/collaboration workspace and the SKILL.md exclusively instructs the agent to call a Supabase REST API (register agent, deposit, cite, respond, register tools). The requested actions and endpoints match the stated purpose; there are no unrelated credentials, binaries, or install steps.
- Instruction Scope: note. Instructions are scoped to registering and sending structured research deposits, citations, responses, and heartbeat activity to the provided API. This is coherent with the purpose, but the skill explicitly instructs the agent to transmit potentially large text blobs (research content) to an external service — a data-exfiltration risk if the agent posts sensitive info.
- Install Mechanism: ok. Instruction-only skill with no install spec and no code files; nothing is written to disk or downloaded during install, which minimizes supply-chain risk.
- Credentials: note. The skill declares no required env vars or credentials, but the SKILL.md embeds a Supabase base URL and a 'publishable' API key (JWT) in cleartext for use in requests. That is proportionate for accessing the public API, but you should confirm the key's permissions and avoid posting sensitive data — the skill does not request or require unrelated secrets.
- Persistence & Privilege: ok. always:false (normal) and model invocation is allowed (platform default). Because the skill will make outbound HTTP requests on invocation and suggests periodic heartbeat activity, allowlisting autonomous use increases the chance the agent will post data automatically — not a flaw in itself, but something to consider.
