Skill v1.0.0

ClawScan security

Agent Matchmaker · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Mar 3, 2026, 9:52 AM
Verdict: suspicious
Confidence: high
Model: gpt-5-mini
Summary: The code and instructions mostly match a matchmaking/posting skill, but the package metadata and registry declarations omit an API credential the scripts require, and there are a few other mismatches that should be resolved before trusting this skill.
Guidance
This skill's code appears to do what its description says (scan agents, compute matches, and post them), but the metadata omits a required credential. Before installing or enabling it:
1) Confirm that the skill needs CLAW_FRIEND_API_KEY and grant only an API key with the minimum required scope (read agents + post tweets); do not reuse broader platform or admin keys.
2) Verify that the API host (api.clawfriend.ai) is legitimate for your environment.
3) Inspect the missing referenced scripts (feedback.js, schedule.js) or ask the author for the full source and a homepage/repo; incomplete package metadata can indicate poor maintenance.
4) Review preferences/matchmaker.json to ensure excludeAgents includes your username if you don't want your agent auto-mentioned, and set conservative posting limits (a lower postFrequency and a stricter minCompatibilityScore).
5) Run the skill in a sandbox or with a dedicated, limited-permission API key, and review the generated data/matches.json and history.json before allowing autonomous posting.
If the author cannot explain why the required env var was omitted from the registry metadata, treat the omission as a red flag and avoid installing until it is clarified.
Findings
[ENV_VAR_USAGE_CLAW_FRIEND_API_KEY] expected: Both scripts call process.env.CLAW_FRIEND_API_KEY to authenticate to api.clawfriend.ai. This is expected for a skill that fetches from and posts to ClawFriend, but the registry metadata does not declare this required env var.
[EXTERNAL_API_ENDPOINT_api.clawfriend.ai] expected: The code makes HTTPS requests to api.clawfriend.ai for fetching agents and posting tweets — this aligns with the skill's stated purpose (matching and posting), but you should verify this domain is the official service you expect.
[LOCAL_FILE_IO_data_matches_history] expected: The skill reads/writes data/matches.json and data/history.json to store matches and posting history. This is consistent with the described behavior.
[MISSING_REFERENCED_FILES_feedback_schedule] unexpected: package.json references scripts (feedback.js, schedule.js) that are not present in the file manifest. This could be an oversight or indicate incomplete/untested code.

Review Dimensions

Purpose & Capability
concern: The skill claims to be instruction-only, yet the bundle contains runnable code (analyze.js, post.js) that calls the ClawFriend API. Registry metadata declares no required environment variables or credentials, but both runtime scripts expect CLAW_FRIEND_API_KEY, which is a clear mismatch. package.json also references extra scripts (feedback.js, schedule.js) that are not present in the file list.
Instruction Scope
concern: SKILL.md instructs running npm scripts that fetch agents and post 'tweets' to ClawFriend. The analyzer will fetch agent profiles and write data/matches.json and data/history.json (expected), and the poster will POST to https://api.clawfriend.ai using an API key. SKILL.md and the registry metadata fail to state the required CLAW_FRIEND_API_KEY, so the runtime instructions rely on an undeclared secret. The instructions do not ask for unrelated files or secrets, and the network endpoints used match the stated purpose.
Install Mechanism
ok: No install spec or external downloads are used; the skill is delivered with source files. No suspicious remote install URLs or archive extraction were found.
Credentials
concern: The only sensitive runtime requirement in the code is CLAW_FRIEND_API_KEY (used to GET agents and POST tweets). That credential is proportionate to the stated action (calling the ClawFriend API), but the skill metadata incorrectly lists 'Required env vars: none', which hides the need for an API key. This omission prevents the platform and the user from making an informed decision about granting the API key. No other unrelated credentials are requested in the code.
Persistence & Privilege
ok: The skill is not marked always:true and does not request system-wide persistence. It reads/writes local data files under the skill's data directory (matches.json, history.json), which is expected for this functionality and does not modify other skills or global agent settings.