Skill v1.0.0

ClawScan security

Expanso json-flatten · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Feb 11, 2026, 9:44 AM
Verdict
suspicious
Confidence
high
Model
gpt-5-mini
Summary
The skill claims to produce a flattened JSON object but its pipelines do not implement flattening and they return the original object (including all input fields) — functionally inconsistent and a potential data-leak/privacy risk.
Guidance
This skill is internally inconsistent: it advertises "flattened" output, but the pipelines simply parse the JSON and return the original object plus key summaries and metadata (trace_id, timestamp). Before installing or deploying:

- Do not run this on sensitive data: the pipelines include root.original in their outputs, so input contents will be returned or served and could be exposed.
- If you need true flattening (dot-notation keys), ask the author to implement and test a proper flatten step; none exists at present.
- Be cautious when running the MCP pipeline: it listens on 0.0.0.0:${PORT:-8080}, i.e. on all interfaces, so the HTTP endpoint is reachable from any network the host is attached to. Set PORT and add a firewall rule or access controls before binding to a public interface.
- Review or test the behaviour locally with non-sensitive inputs.
- If you plan to deploy to Expanso Cloud, confirm that the destination (https://skills.expanso.io) is trusted and understand that deployment publishes pipeline definitions externally.

Given these inconsistencies, treat the skill as untrusted until the author fixes the mismatch between claimed outputs and actual pipeline behaviour and documents the intended privacy guarantees.

Review Dimensions

Purpose & Capability
concern: skill.yaml and README claim a "flattened object with dot notation keys" as the output, but neither pipeline-cli.yaml nor pipeline-mcp.yaml performs any flattening. They return the parsed original object and summary fields (top_level_keys, key_count, metadata). The declared capability (flattening to dot notation) is not implemented by the provided runtime instructions.
Instruction Scope
note: SKILL.md only instructs using expanso-edge to run the included pipeline YAMLs and how to deploy to Expanso Cloud. The pipelines parse the input JSON and include the full parsed object in the output (root.original). That means any input, including sensitive fields, will be echoed in the output and, if deployed or served, transmitted over the network. The MCP pipeline binds to 0.0.0.0:${PORT:-8080} and exposes POST /flatten, which will accept external requests if deployed without network controls.
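The Guidance above and the Purpose & Capability and Instruction Scope findings make two claims a reviewer will want to verify for themselves: what dot-notation flattening should actually produce, and whether a pipeline's output echoes the parsed input under root.original. The following is an added example written for this review; it is not code from the ClawScan report or from the json-flatten skill. It implements a reference dot-notation flattener, a constructed imitation of the behaviour the report attributes to the shipped pipelines (the field names original, top_level_keys, key_count and metadata follow the report; the exact shape of real expanso-edge output is an assumption), and a small audit that plants a canary value in a non-sensitive test record and checks whether the input is echoed verbatim. The sample record is constructed for the example.

```python
"""Added example for the json-flatten review (not the skill's own code).

Demonstrates (1) what a real dot-notation flatten step produces and
(2) how to audit a pipeline's output locally, with a non-sensitive
record and a planted canary, for the echo-the-input behaviour the
report describes. The pipeline imitation below is an assumption based
on the report's description, not the skill's actual YAML.
"""
import json
from typing import Any

# Constructed test record: deliberately non-sensitive, with a unique canary
# string so that its appearance in any output is unambiguous.
SAMPLE_INPUT = {
    "user": {"id": 42, "email": "canary-9f3a@example.invalid", "roles": ["admin", "dev"]},
    "meta": {"source": "test", "tags": []},
}
SAMPLE_RAW = json.dumps(SAMPLE_INPUT)


def flatten_json(obj: Any, parent_key: str = "", sep: str = ".") -> dict:
    """Flatten nested dicts/lists into one level with dot-notation keys.

    List elements are indexed ("user.roles.0"); empty containers are kept
    as leaves so that no information is dropped.
    """
    items: dict = {}
    if isinstance(obj, dict):
        if not obj and parent_key:
            items[parent_key] = {}
        for k, v in obj.items():
            new_key = f"{parent_key}{sep}{k}" if parent_key else str(k)
            items.update(flatten_json(v, new_key, sep))
    elif isinstance(obj, list):
        if not obj and parent_key:
            items[parent_key] = []
        for i, v in enumerate(obj):
            new_key = f"{parent_key}{sep}{i}" if parent_key else str(i)
            items.update(flatten_json(v, new_key, sep))
    else:
        items[parent_key] = obj
    return items


def simulate_current_pipeline(raw: str) -> dict:
    """Constructed imitation (assumption) of what the report says the shipped
    pipelines do: parse the JSON and return it under 'original' plus key
    summaries and metadata. No flattening takes place."""
    obj = json.loads(raw)
    return {
        "original": obj,
        "top_level_keys": list(obj.keys()),
        "key_count": len(obj),
        "metadata": {"trace_id": "trace-0001", "timestamp": "2026-02-11T09:44:00Z"},
    }


def _walk(node: Any):
    """Yield every subtree (including the root and every scalar) of a JSON value."""
    yield node
    if isinstance(node, dict):
        for v in node.values():
            yield from _walk(v)
    elif isinstance(node, list):
        for v in node:
            yield from _walk(v)


def echoes_input(output: Any, original: Any) -> bool:
    """True if the parsed input object appears verbatim anywhere in the output
    (the root.original behaviour the report flags)."""
    return any(node == original for node in _walk(output))


def contains_canary(output: Any, canary: str) -> bool:
    """True if the planted canary string shows up in any string value of the output.
    Note that a correct flattener still carries the value through; this check is
    for spotting unexpected exposure, not a substitute for redaction."""
    return any(isinstance(node, str) and canary in node for node in _walk(output))


def is_flat(output: Any) -> bool:
    """True if the output is a single-level mapping: no non-empty nested dict or list."""
    return isinstance(output, dict) and not any(
        isinstance(v, (dict, list)) and v for v in output.values()
    )


def audit_pipeline_output(output: Any, original: Any, canary: str) -> dict:
    """Run the three checks a reviewer would apply to a locally captured output."""
    return {
        "echoes_input": echoes_input(output, original),
        "contains_canary": contains_canary(output, canary),
        "is_flat": is_flat(output),
    }


if __name__ == "__main__":
    print("reference flatten:", flatten_json(SAMPLE_INPUT))
    current = simulate_current_pipeline(SAMPLE_RAW)
    print("audit of imitated pipeline:", audit_pipeline_output(current, SAMPLE_INPUT, "canary-9f3a"))
```

To apply the audit to the real skill, run the pipeline locally with expanso-edge on a record like SAMPLE_INPUT, capture the output, and pass it to audit_pipeline_output; echoes_input true with is_flat false reproduces the report's finding, while a fixed pipeline should give the inverse.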
Install Mechanism
ok: Instruction-only skill with no install spec and no code files. No downloads or installers are present, so there is no installation risk from unknown binaries or archives.
Credentials
ok: The skill declares no required environment variables, no credentials, and no config paths. The runtime instructions use only expanso-edge and expanso-cli, as expected.
Persistence & Privilege
ok: The skill is not always-enabled and does not request system-wide persistence or modify other skills. It can be invoked by the agent (normal behaviour) but has no elevated platform privileges.