Skill v1.0.0
ClawScan security
AgentScout · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 16, 2026, 11:35 AM
- Verdict
- Benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- AgentScout's code, instructions, and required secrets are consistent with its stated purpose of discovering GitHub agent projects and generating Xiaohongshu content, but it will send README/code snippets to whatever LLM endpoint you configure, so treat the API key and GitHub token carefully.
- Guidance
- Things to consider before installing or running AgentScout:
  - Expect that README content and code snippets will be sent to the configured LLM endpoint (LLM_BASE_URL). Do not point LLM_BASE_URL to an untrusted service if repository content is sensitive.
  - Use least-privilege GitHub tokens (avoid full org/admin scopes). Prefer tokens limited to public repo access if you only need public repos.
  - The tool writes outputs to output/ and a local SQLite DB at data/agentscout.db in the repo root; run in a sandbox or isolated directory if you want to limit persistence.
  - Optional IMAGE_API_KEY defaults to a third-party endpoint (siliconflow). If you supply an image key, confirm the provider and its privacy policy.
  - The README requests pip install -r requirements.txt; review requirements and consider installing in a virtualenv/container. Playwright (optional) will download browser binaries when installed.
  - If you are concerned about leaking proprietary code, either restrict the search scope to public repositories, run the code with a dummy/limited LLM endpoint, or audit/modify src/utils/llm_client.py to confirm exactly what gets sent.
  - Overall the skill appears internally coherent for its stated purpose; proceed if you are comfortable with the data-sharing implications and have limited token scope and an isolated runtime environment.
Review Dimensions
- Purpose & Capability
- ok: Name/description match the implementation: the package contains GitHub searchers, a scorer, analyzers, content generators, and image/card generators. Required binaries (python3) and env vars (GITHUB_TOKEN, LLM_API_KEY) are appropriate and necessary for searching GitHub and calling an LLM. Optional IMAGE_API_KEY aligns with AI image generation.
- Instruction Scope
- note: The runtime instructions (and code) explicitly fetch README, file trees, and key source files (up to several files and snippets) and pass those to the configured LLM for scoring and tutorial generation. This behavior is consistent with the purpose but means repository contents (including possibly sensitive code) will be transmitted to the LLM endpoint you configure.
- Install Mechanism
- note: No formal install spec is provided; the README and SKILL.md ask you to pip install -r requirements.txt. The requirements are from standard PyPI packages (PyGithub, openai, playwright, etc.). Playwright install (optional) will download browser binaries, which is typical but worth noting.
- Credentials
- ok: Only GITHUB_TOKEN and LLM_API_KEY are required; both are proportional to the functionality. IMAGE_API_KEY is optional. There are no unrelated secrets or extraneous credential requests in requires.env. You should still scope tokens minimally (e.g., public_repo or least privilege) and avoid using org-wide or highly privileged tokens.
- Persistence & Privilege
- ok: Skill is not always-enabled and does not request elevated platform privileges. It writes an SQLite DB under the project data/ path and writes outputs under output/, which is reasonable for local use. It does not modify other skills or system-wide agent settings.
