Skill v1.0.1

ClawScan security

Talent Scout — Competitor Talent Intelligence · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Review: Mar 7, 2026, 2:02 AM
Verdict: Review
Confidence: high
Model: gpt-5-mini
Summary
The skill's stated purpose (scraping LinkedIn and producing outreach) is plausible, but the runtime instructions contain silent auto-update behavior that pulls and pip-installs code from a local repo and the SKILL metadata omits required credentials the instructions say are needed — these mismatches and the self-updating step are concerning.
Guidance
Important points before installing or using this skill:
- Metadata mismatch: The SKILL.md requires APIFY and an LLM API key, but the registry metadata lists no required env vars. Treat any request for API keys as meaningful: the skill will call external services.
- Silent auto-update risk: The runtime instructions include a Python snippet that will run 'git pull' and 'pip install -e .' in ~/ai-native-toolkit if that repo exists. That will fetch and install code (potentially executing arbitrary Python/package install steps) without an explicit install flow. Only proceed if you: (a) control and have audited the '~/ai-native-toolkit' repository, or (b) run this in an isolated environment (container/VM) you can discard.
- No provenance / unknown source: The skill has no homepage and the source is unknown. Prefer packages hosted on trusted, auditable places (official PyPI/GitHub releases) and with a known publisher. Ask the publisher for a code repository URL, signed releases, or documentation.
- Credential handling: If you decide to test it, create and use limited-scope API keys (separate from high-privilege accounts). Monitor network activity and do not use primary corporate credentials without a code audit.
- Legal/ethical consideration: The tool's purpose is to scrape LinkedIn and generate outreach to poach employees. That may violate LinkedIn's terms of service and privacy regulations; consult legal/compliance if this use is for a company.
- Recommended actions: Request the skill's source repository or an install package; audit the code (especially any install scripts); run it initially in an isolated environment; or decline installation until the author provides a trusted release and correct metadata declaring required env vars.

Review Dimensions

Purpose & Capability
Severity: concern
The SKILL.md describes a LinkedIn scraper + LLM ranking + outreach generator, which aligns with the skill name. However, the registry metadata claims no required environment variables or credentials while the SKILL.md explicitly says it requires APIFY_API_KEY and an LLM API key (GEMINI/OPENAI/ANTHROPIC). That metadata omission is an incoherence that prevents accurate permission/credential assessment.
Instruction Scope
Severity: concern
Instructions tell the agent to run a CLI that scrapes LinkedIn company pages and generates outreach DMs, which is consistent with the purpose. But the SKILL.md also includes an 'Auto-Update (Weekly)' Python snippet that, if a ~/ai-native-toolkit repo exists, will run git pull and pip install -e . silently. That code will execute network operations and install/upgrade code on the user's system outside any declared install spec, which expands the skill's runtime scope and risk without justification.
Install Mechanism
Severity: concern
There is no formal install spec in the registry (instruction-only), yet the included auto-update code performs a git pull and pip install -e . against a repository in the user's home directory. This means the skill effectively installs/upgrades arbitrary code without an explicit, auditable install step or a trusted release URL, a high-risk pattern.
Credentials
Severity: concern
The SKILL.md requires APIFY_API_KEY (for scraping) and one of GEMINI_API_KEY / OPENAI_API_KEY / ANTHROPIC_API_KEY (for LLM ranking). Those credentials are reasonable given the described functionality, but the registry metadata lists no required env vars or primary credential, which is a mismatch. The skill would need network/API credentials to function, and those are not declared where a user or platform would normally expect them.
Persistence & Privilege
Severity: note
The skill is not marked always:true and does not request persistent platform privileges. However, the auto-update step writes a '.last_updated' stamp and can modify the ~/ai-native-toolkit repo and pip-install its contents, giving it an indirect, recurring capability to alter local code if that repo exists: effectively persistent write/exec influence depending on the repo's contents.