Expanso sentiment-score

Pass. Audited by VirusTotal on May 12, 2026.

Overview

Type: OpenClaw Skill
Name: expanso-sentiment-score
Version: 1.0.0

The skill bundle is benign. Its primary function is to score text sentiment using an OpenAI LLM, as clearly stated in `SKILL.md` and `README.md`. The `pipeline-cli.yaml` and `pipeline-mcp.yaml` files define the LLM prompts, which are focused on sentiment analysis and do not contain any malicious instructions or prompt injection attempts against the LLM or the OpenClaw agent. Credentials (`OPENAI_API_KEY`) are handled via environment variables, which is a standard and secure practice. There is no evidence of data exfiltration, unauthorized execution, persistence mechanisms, or other malicious behaviors.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If the MCP server is run on a reachable network, other people or processes may submit text through it, send that text to OpenAI, and consume the user's OpenAI credits.

Why it was flagged

MCP mode listens on all network interfaces and accepts POST requests, then uses the configured OpenAI API key, with no authentication or caller restriction shown.

Skill content
address: "0.0.0.0:${PORT:-8080}"
...
path: /score
...
allowed_verbs: [POST]
...
openai_chat_completion:
  api_key: "${OPENAI_API_KEY}"

Recommendation

Bind the server to 127.0.0.1 by default, add authentication or an allowlist, document the exposure clearly, and avoid running it on untrusted networks.

What this means

Running the skill can send the input text to OpenAI and may incur usage against the user's OpenAI account.

Why it was flagged

The skill uses an OpenAI API key for the core sentiment-scoring call; this is purpose-aligned but gives the pipeline access to a billable account credential.

Skill content
openai_chat_completion:
  api_key: "${OPENAI_API_KEY}"
  model: gpt-4o-mini

Recommendation

Only provide OPENAI_API_KEY if you are comfortable sending the analyzed text to OpenAI; monitor usage and prefer a local backend if available and desired.

What this means

The deployed cloud job could differ from the local artifact if the remote URL changes or is not the exact reviewed version.

Why it was flagged

The optional cloud deploy command fetches a pipeline from a remote URL rather than explicitly deploying the reviewed local file.

Skill content
expanso-cli job deploy https://skills.expanso.io/sentiment-score/pipeline-cli.yaml

Recommendation

Verify the remote pipeline contents before deployment, or deploy the reviewed local pipeline file instead.