Skill v1.1.0

ClawScan security

EdStem · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Feb 17, 2026, 2:54 AM
Verdict: suspicious
Confidence: high
Model: gpt-5-mini
Summary
The skill generally does what it claims, but both included scripts contain a hardcoded EdStem bearer token and the package's declared requirements do not match the credential handling — this is a security/integrity concern you should resolve before use.
Guidance
Don't run this as-is. Both scripts include a hardcoded EdStem bearer token — that is a secret and its presence is a red flag. Before installing or running:
1) Treat the included token as compromised; do not use it.
2) Replace the ED_TOKEN usage with a secure pattern (read the token from an environment variable or a permissioned config file) and remove any hardcoded token from the code.
3) If you are the owner of the included token, rotate/revoke it immediately.
4) If you don't know who published this skill, prefer to fork or copy the scripts locally, remove the hardcoded token, and audit the code (and any leftover developer-specific paths like /home/axel) before running.
5) Consider running fetches with a least-privilege token and avoid storing tokens in repo files; add any local token file to .gitignore.
These steps will reduce the risk of unauthorized access or accidental data exposure.

Review Dimensions

Purpose & Capability · ok
The name/description match the code and SKILL.md: both the Python and bash scripts call EdStem's API to list and fetch threads, format output, and differentiate staff vs student. No unrelated services or binaries are requested.
Instruction Scope · note
Runtime instructions stay within the stated purpose (fetching EdStem threads). The SKILL.md instructs users how to obtain a Bearer token via browser DevTools and to insert it into the Python script (ED_TOKEN), which is functional but insecure. Quick-start examples include a developer-specific path (/home/axel/...), indicating leftover local configuration.
Install Mechanism · ok
No install spec (instruction-only); the included scripts are run locally. There are no downloads or external installers. This minimizes installer risk, but the included code will execute on the user's system when run.
Credentials · concern
The skill declares no required credentials, yet both scripts contain a hardcoded ED_TOKEN value (the same token in fetch-edstem.py and fetch-edstem.sh). Embedding an active bearer token in distributed code is a major mismatch and a sensitive secret leak: it exposes whoever owns that token and may let anyone running the scripts access that account's EdStem data. The SKILL.md/README instructs editing the script to paste your token instead of using environment variables, which is poor practice and inconsistent with typical credential handling.
Persistence & Privilege · ok
The skill does not request persistent/always-on privilege and does not modify other skills or global agent configuration. It suggests user-managed automation (cron), which is a user action and not an automatic permission escalation by the skill itself.