Back to skill
Skillv1.1.0
ClawScan security
DeepWiki Ask · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
SuspiciousMar 15, 2026, 12:44 AM
- Verdict
- suspicious
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- The skill's declared purpose (querying a DeepWiki MCP endpoint for repo Q&A/structure/contents) is coherent with its instructions and visible code, but the provided source was truncated so a full audit wasn't possible and the skill will send user-provided repo/question data to an external service (privacy risk).
- Guidance
- This skill appears to do what it says: it runs a local Python client that sends the user-supplied owner/repo and question to DeepWiki's MCP endpoint (https://mcp.deepwiki.com/mcp) and returns results. Before installing, consider: 1) Privacy — repository names and any question text will be transmitted to an external service; do not submit secrets or private data. 2) Trust the endpoint — verify the DeepWiki domain and organization if you need to trust data handling. 3) Local file writes — the script may create or update config.json in the skill folder. 4) Long network calls — requests can take up to 30–120s per SKILL.md. 5) Incomplete source provided here — the file contents in the review were truncated, so review the full deepwiki_ask.py source locally to confirm there are no additional network endpoints, credential harvesting, telemetry, or unexpected behavior before enabling autonomous invocation. If you want higher assurance, run the script in a sandbox and inspect outbound network traffic.
Review Dimensions
- Purpose & Capability
- okName/description describe querying DeepWiki MCP for repository info; the code implements an MCP JSON-RPC client that POSTs queries to https://mcp.deepwiki.com/mcp and exposes methods for question/structure/contents. No unrelated binaries, env vars, or services are requested.
- Instruction Scope
- noteSKILL.md instructs the agent to run the included Python script with --json and parse stdout. That matches the script's intended CLI usage. The runtime behavior includes network calls to an external DeepWiki MCP endpoint using the repo and question provided by the user — expected for this skill, but it does transmit user inputs outside the host.
- Install Mechanism
- okNo install spec; this is instruction + script. No downloads, package installs, or archive extraction are present in the manifest.
- Credentials
- okThe skill requests no environment variables or credentials. It reads/writes a local config.json in its own directory (creates default if missing). All accessed configuration is proportional to the described functionality.
- Persistence & Privilege
- okalways is false, the skill does not request elevated or cross-skill configuration. It may create a local config.json (expected) but does not modify other skills or system-wide settings according to the visible files.