Skill v1.0.0
ClawScan security
Web Star Studio's Flow PMS · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious (Apr 12, 2026, 11:19 PM)
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's code and runtime instructions mostly match its stated purpose (talk to a FlowDeck API), but there are important inconsistencies and a risky default that could send your API key to a hard-coded external Supabase endpoint if you don't explicitly set the base URL.
- Guidance: Before installing or running this skill:
  1. Treat it as untrusted until you verify the author — the source is unknown.
  2. Do NOT export your primary Flow/organization API key globally; prefer a least-privileged key scoped for read-only testing.
  3. Explicitly set FLOWBOARD_BASE_URL to your own trusted FlowDeck/Supabase gateway before running; do not rely on the hard-coded default (https://mycivgjuujlnyoycuwrz.supabase.co/functions/v1/api-gateway) because it will cause requests (and your API key) to be sent to that external domain.
  4. Test first with read-only operations (list/get) and confirm responses are as expected.
  5. Inspect or run the scripts in an isolated environment (sandbox or ephemeral VM) to verify behavior.
  6. Ask the publisher to update registry metadata to declare required env vars and to remove or make explicit any default external endpoints.
  7. If you cannot verify the owner or do not control the base URL, avoid providing any real API key; instead create a disposable/limited API key and rotate it after testing.
Review Dimensions
- Purpose & Capability: concern
  - Name/description match the included scripts: the code implements CRUD and lookup flows against a FlowDeck REST API via a Supabase Edge Functions gateway. However, the registry metadata claims no required env vars or primary credential, while the code clearly requires an API key (FLOWBOARD_API_KEY) and optionally a base URL (FLOWBOARD_BASE_URL). Also, the code ships a hard-coded default base URL pointing to a specific supabase.co domain, which is disproportionate for a generic 'FlowDeck' skill and can redirect traffic to that external endpoint unless the user overrides it.
- Instruction Scope: note
  - SKILL.md instructs the agent to run the included Python scripts (via 'uv run') and to operate from the user's working directory. The runtime behavior is limited to calling the configured API gateway using the provided API key/base URL and summarizing results. The scripts do not read unrelated system files or credentials. Minor oddity: the instruction 'Always run from the user's current working directory so any output files are saved there' is inconsistent with the scripts, which print JSON and do not create files.
- Install Mechanism: note
  - There is no install spec (instruction-only skill with code files). The scripts declare a dependency on httpx (and require Python >=3.10) and expect the 'uv' runner to be present. That is lower-risk than downloading/executing remote archives, but the skill relies on the runtime to provide dependency resolution (uv), which the user must trust.
- Credentials: concern
  - The code expects FLOWBOARD_API_KEY (required) and FLOWBOARD_BASE_URL (optional) and also accepts keys passed via CLI args. Those env vars are proportionate to the stated purpose — the ability to authenticate to the Flow API is necessary — but the registry metadata does not declare these requirements (mismatch). Critically, a default FLOWBOARD_BASE_URL is hard-coded to a specific supabase.co domain in multiple files; if the user does not explicitly set FLOWBOARD_BASE_URL, their API key (or the key they export) may be sent to that external domain. This default endpoint is unexpected for a generic skill and raises an exfiltration risk unless the base URL is deliberately set to a trusted instance.
- Persistence & Privilege: ok
  - The skill does not request permanent inclusion (always:false) and does not modify other skills or system-wide settings. It runs on-demand and only uses environment variables and network calls consistent with its function.
