Back to skill
Skillv2.0.3
ClawScan security
KlausNomi · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignFeb 19, 2026, 8:03 PM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill is internally consistent: it bundles a small Python CLI that calls https://api.nomi.ai using a single NOMI_API_KEY and the SKILL.md instructs only CLI usage and local non-secret storage — nothing appears disproportionate or covert.
- Guidance
- This skill appears to do exactly what it says: a small Python CLI that talks to api.nomi.ai using a single NOMI_API_KEY. Before installing: (1) Verify you trust the Nomi service (api.nomi.ai) and the key's permissions; (2) do not store your NOMI_API_KEY in the nomi/ directory or in files the skill writes; (3) confirm the token format expected by the API (the script sends the token as the Authorization header value without a 'Bearer ' prefix); (4) if provenance matters, check the GitHub homepage referenced in SKILL.md and ensure the owner/publishers are trustworthy; and (5) if the key is ever exposed, rotate it. Overall the skill is coherent and low-risk given those precautions.
Review Dimensions
- Purpose & Capability
- okName/description (Nomi conversation CLI) match the included Python CLI and the documented commands. Required binary (python3) and primary env var (NOMI_API_KEY) are appropriate. Minor metadata mismatch: registry listing shows no homepage/source but SKILL.md contains a homepage URL (https://github.com/openclaw/klausnomi); this is a bookkeeping inconsistency but not a functional red flag.
- Instruction Scope
- okSKILL.md instructs the agent to run the bundled CLI commands (list, chat, reply, room operations) and to store only non-secret context under a local nomi/ directory. The runtime instructions do not direct reading of unrelated files, broad system scans, or exfiltration to endpoints outside api.nomi.ai. They explicitly warn not to store API keys in local files.
- Install Mechanism
- okNo install spec is present (instruction-only behavior) and the shipped code is a small Python script. No downloads from arbitrary URLs or archive extraction occur. Risk is low and consistent with a CLI-based skill.
- Credentials
- okOnly NOMI_API_KEY is required (plus an optional NOMI_CLIENT_TIMEOUT read by the script). This single credential directly relates to the stated purpose. The script will send that key in an Authorization header to api.nomi.ai — expected for an API client. (Note: the script uses the raw token as the header value without adding a 'Bearer ' prefix; confirm the API expects that format.)
- Persistence & Privilege
- noteThe skill may use a local nomi/ directory for non-secret conversation state and writes avatars under nomi/avatars. The script includes safe filename checks for avatar output to prevent path traversal. always:false is set (no forced global inclusion). Users should avoid storing secrets in the local directory as advised.