Skill v1.1.1

ClawScan security

alista · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Mar 12, 2026, 12:22 PM
Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary
The skill's code and runtime instructions match its stated purpose (saving places from Instagram/TikTok and verifying via Google Places), but there are inconsistencies in the declared requirements and dependency manifest that merit caution before installing or handing over API keys.
Guidance
This skill appears to implement what it says, but take these precautions before installing:
- Resolve the metadata mismatch: confirm with the publisher whether APIFY_API_KEY and GOOGLE_PLACES_API_KEY are required (SKILL.md and code expect them). Do not assume 'no env vars' from the registry summary.
- Inspect package-lock.json vs package.json: the lockfile contains @ai-sdk/google and ai which are not in package.json; verify this is intentional. If you will run npm install, prefer npm ci with the exact lockfile in an isolated environment (container or VM) and review the dependency tree (npm ls) first.
- Limit API key scope: create and supply least-privilege API keys (restrict the Google key to Places API usage and restrict Apify key usage/quotas) and consider rotating keys after testing. Never reuse high-privilege credentials.
- Run in a sandbox: execute the skill in a disposable VM/container to ensure it only accesses the declared hosts. Check outgoing hosts (places.googleapis.com, api.apify.com, Instagram/TikTok CDNs) and watch for unexpected network activity.
- Review the full package-lock and code locally for any unexpected remote endpoints or dynamic code loading before trusting inputs or providing credentials.
If the owner/publisher is unknown and you cannot validate the dependency mismatch, prefer caution (sandboxed testing, or decline to install).

Review Dimensions

Purpose & Capability
Status: note
The skill's name, README, SKILL.md, and code implement exactly the described functionality: fetch post metadata (Apify / OG / oEmbed), optionally download images / extract frames (ffmpeg), verify via Google Places, and store locally in SQLite. However, registry metadata (top-level summary) says 'Required env vars: none' while SKILL.md and code require APIFY_API_KEY and GOOGLE_PLACES_API_KEY; this metadata mismatch is an incoherence that should be resolved.
Instruction Scope
Status: ok
SKILL.md and the scripts constrain actions to the stated purpose: fetching post metadata, optional image download (to a cwd subdirectory only), optional frame extraction via ffmpeg (only for whitelisted CDN hosts), Google Places verification, and local SQLite storage. The instructions do not direct reading of unrelated secrets or system files. The use of child_process to run ffprobe/ffmpeg is expected for frame extraction, and the code includes host checks and download-dir path checks.
Install Mechanism
Status: concern
There is no install spec (lower risk in principle), but a package-lock.json is present and it contains packages not listed in package.json (the top-level package-lock lists @ai-sdk/google and ai, while package.json dependencies are limited). That mismatch is suspicious because installing from the included lockfile could pull additional packages that are not obvious from package.json. No remote download URLs are present, which is good, but you should verify package-lock integrity and the intended dependency graph before running npm install.
Credentials
Status: concern
The runtime requires two external API keys (APIFY_API_KEY and GOOGLE_PLACES_API_KEY), which are proportionate to its functionality (Apify for scraping post metadata; Google Places to verify establishments). The concern is the conflicting metadata: the registry summary lists no required env vars while SKILL.md and code require these keys. That discrepancy could mislead users into running the skill without realizing it will attempt network calls using the provided credentials.
Persistence & Privilege
Status: ok
The skill does not request elevated or persistent system-wide privileges. Database storage is local (alista.db in the working directory). Flags show always:false, and no config paths or primary credential are requested. The skill does not modify other skills or system-wide agent settings.