Skillv1.2.0

ClawScan security

Agent Render Linking · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

BenignMar 13, 2026, 7:55 PM

Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary: The skill's instructions, requirements, and behavior are coherent with its stated purpose (creating agent-render.com viewer links) and it requests no extra credentials or installs; main cautions are privacy-related (network fetches and how platforms handle links).
Guidance: This skill is coherent and needs no credentials or installs, but consider privacy and preview behavior before using it with sensitive data: the arx flow fetches a dictionary from agent-render.com (which reveals a network request to that host), and links containing content in the URL can be stored in browser history or exposed via platform link previews or logs. If you will share sensitive artifacts, self-host agent-render or avoid embedding secrets in the generated link; test how your target chat/platform handles link unfurling before sending links publicly.

Review Dimensions

Purpose & Capability: okThe name/description match the SKILL.md: it explains how to construct agent-render.com links and which codecs/envelope formats to use. There are no unrelated env vars, binaries, or install steps requested.
Instruction Scope: noteThe runtime instructions are narrowly focused on serializing an envelope and encoding it into a URL fragment; they do not ask the agent to read files, environment variables, or other system state. Two operational points to be aware of: (1) the arx codec workflow requires fetching https://agent-render.com/arx-dictionary.json (a network call to the service) to build the substitution dictionary locally, and (2) embedding content into URLs means the artifact will appear in the link (browser history, user-visible URL) even though the fragment is not intended to be sent to the server. Also be cautious about link unfurling/preview behavior on platforms (Slack, Discord, social networks) which can cause external services to fetch or expose content.
Install Mechanism: okInstruction-only skill with no install spec and no code files. This is low-risk because nothing is written to disk or executed by default by the skill itself.
Credentials: okNo environment variables, credentials, or config paths are requested. The required network access (to agent-render.com for dictionary fetch and the viewer domain itself) is logically proportional to the stated purpose.
Persistence & Privilege: okThe skill does not request always: true or any elevated/system-wide persistence. Default autonomous invocation is allowed (platform default) and appropriate for this type of helper.