Skillv1.0.1

ClawScan security

Sentiment Score · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousFeb 15, 2026, 8:44 PM

Verdict: suspicious
Confidence: high
Model: gpt-5-mini
Summary: The skill legitimately implements sentiment scoring via Expanso pipelines and an LLM, but its published metadata omits required runtime dependencies (expanso-edge and an OpenAI API key) and it will send user text to OpenAI — those mismatches and data flow deserve caution before installing or deploying.
Guidance: This skill appears to do what it claims (sentiment scoring via Expanso pipelines) but there are important mismatches you should address before using it: (1) The SKILL.md and pipeline YAML require the expanso-edge binary and an OPENAI_API_KEY, but the registry metadata omitted those requirements — confirm you can and should install expanso-edge and supply an OpenAI key. (2) The service will send any input text to OpenAI; do not pass secrets, PII, or sensitive documents unless you accept that external transmission and any associated billing. (3) The MCP mode listens on 0.0.0.0 by default — only run that behind appropriate network controls. (4) The SKILL.md suggests deploying to skills.expanso.io — deploying to a third-party cloud will transfer the pipeline; review the pipeline files and trust boundaries before uploading. If you want to proceed, verify the expanso-edge/clawhub sources, explicitly set and scope OPENAI_API_KEY, and test locally with non-sensitive inputs first.

Review Dimensions

Purpose & Capability: noteThe pipelines and SKILL.md clearly implement sentiment scoring using Expanso Edge pipelines and an OpenAI chat completion. That capability matches the name and description. However, the registry-level metadata provided to you earlier claims no required binaries or env vars, while the SKILL.md and pipeline YAMLs require the expanso-edge binary and reference OPENAI_API_KEY. This is an inconsistency in declared requirements (likely an omission) that you should verify.
Instruction Scope: okThe runtime instructions are narrowly scoped to: run a local CLI pipeline, optionally start an HTTP MCP server (/score), or deploy the pipeline to Expanso Cloud. The pipelines only gather the input text and call openai_chat_completion; they do not reference unrelated system files or other environment variables. The MCP pipeline binds to 0.0.0.0:${PORT:-8080} (exposes a network endpoint) which is expected for a server mode but is a surface you should consider when deploying.
Install Mechanism: noteThis is an instruction-only skill with no install spec or bundled code, so nothing is written by the registry itself. The SKILL.md instructs users to install 'expanso-edge' (via 'clawhub install expanso-edge') and to use 'expanso-cli' to deploy. Those external install steps are reasonable for an Expanso pipeline but are not reflected in the registry's declared install requirements — verify provenance of 'clawhub' packages and the expanso-edge binary before installing.
Credentials: concernThe pipelines call openai_chat_completion with api_key: "${OPENAI_API_KEY}" and will transmit input text to OpenAI. Yet the skill metadata provided earlier listed no required env vars; skill.yaml lists OPENAI_API_KEY but marks it required: false. This is disproportionate/ambiguous: the pipeline will either fail without a key or use whatever OPENAI_API_KEY is present in the environment. If you run this, user-provided text (possibly sensitive) will be sent to OpenAI — ensure you are comfortable with that and that the key used has appropriate scope and billing controls.
Persistence & Privilege: okThe skill does not request permanent presence (always: false) and does not modify other skills or global agent settings. Running the MCP pipeline will open a network listener (user-controlled) but there is no evidence the skill attempts to persist credentials or alter system-wide configuration.