Skillv1.0.0

ClawScan security

brand-sentinel · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

BenignApr 14, 2026, 11:16 AM

Verdict: Benign
Confidence: high
Model: gpt-5-mini
Summary: The skill's code and instructions match its stated purpose (search a web‑search API, dedupe, filter by time, and output structured results); nothing requested is disproportionate, but review the local token requirement and the hardcoded APP_KEY.
Guidance: This skill appears coherent for brand monitoring, but check two things before installing: (1) the script expects a local token service at http://127.0.0.1:18432/get_token — only run this skill if you know and trust that local service (it supplies the Bearer token used to call the remote search API); (2) the repo contains a hardcoded APP_ID/APP_KEY — treat these as public/stale secrets unless you can verify their provenance. Run the script in an isolated environment if unsure, inspect or replace the token provider with one you control, and avoid supplying any unrelated system credentials. If you need stronger assurance, request the author/source and confirm the intended AutoGLM endpoint and key lifecycle.

Review Dimensions

Purpose & Capability: okThe name/description (brand monitoring, de-duplication, time filtering, JSON output) matches the implementation: scripts/sentinel.py calls a web-search API, builds queries, deduplicates URLs, parses dates and emits structured JSON/text. No unrelated binaries, env vars, or config paths are requested.
Instruction Scope: okSKILL.md simply instructs the agent to run scripts/sentinel.py or provide a config file. The runtime instructions and the script do not ask the agent to read arbitrary system files or exfiltrate unrelated data. The only runtime network interactions are to a web-search API and a local token service as documented.
Install Mechanism: okThere is no install spec (instruction-only with an included script). The Python script has no third‑party install step other than optional certifi. No downloads from untrusted URLs or archive extraction are present.
Credentials: noteThe skill does not request environment variables, which is proportional. Two items deserve attention: (1) the script requires a local AutoGLM token service at http://127.0.0.1:18432/get_token — this is an explicit runtime dependency and the token service must be trusted (it provides an Authorization Bearer token used for remote searches); (2) the script contains hardcoded APP_ID and APP_KEY values. Hardcoded keys in shipped code are a maintenance/security smell (they may be public or stale) but are coherent with the code's authentication scheme.
Persistence & Privilege: okThe skill does not request persistent/always-on inclusion and does not modify other skills or system-wide agent settings. It runs only when invoked.