Skill v1.0.0
ClawScan security
Core Researcher · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Review, Mar 3, 2026, 6:58 PM
- Verdict: Review
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's instructions clearly require a CORE API key and direct API usage, but the published metadata claims no required credentials or install steps — this mismatch and the unknown source make the package suspicious until the metadata and provenance are clarified.
- Guidance: This skill appears to do what it says (use the CORE API) but its metadata fails to declare the API key it expects. Before installing or using it: 1) Ask the publisher to correct the registry metadata to list CORE_API_KEY (or equivalent) as a required credential. 2) Verify the skill's source or publisher (the registry lists no homepage/source). 3) Never paste your API key into free-text chat—use secure secret injection (platform secret store or environment variable) as the SKILL.md recommends. 4) Limit the CORE API key's permissions if possible and rotate it after testing. 5) If you proceed, monitor API usage for unexpected requests and do not provide other unrelated credentials. If you cannot verify the publisher or get the metadata fixed, treat the skill cautiously or avoid installing it.
- Findings:
  - [no_findings] expected: The static regex scanner found nothing; that's expected because this is an instruction-only skill with no code files. Absence of findings does not mean the metadata/instructions are consistent.
Review Dimensions
- Purpose & Capability
  - note: The skill describes a coherent purpose (programmatic academic research via the CORE API) and the SKILL.md content aligns with that purpose. However, the declared metadata lists no required environment variables or primary credential while the instructions explicitly instruct the agent to use a CORE API key (recommended env var CORE_API_KEY). That omission is an inconsistency (the skill legitimately needs an API key according to its instructions).
- Instruction Scope
  - ok: The runtime instructions stay on-topic: they describe API endpoints, fields to extract, analysis templates, and citation formats. The instructions do not tell the agent to read arbitrary files, access unrelated credentials, or transmit data to unexpected endpoints. They do, however, instruct the user/agent to supply the CORE API key at runtime.
- Install Mechanism
  - ok: This is an instruction-only skill with no install spec and no code files, which is the lowest-risk install model. Nothing is downloaded or installed by the skill itself.
- Credentials
  - concern: The SKILL.md recommends supplying an API key (CORE_API_KEY) and describes Authorization header usage, but the registry metadata lists no required env vars or primary credential. That mismatch is concerning: the skill expects a secret but does not declare it. Aside from the CORE API key, there are no other credential requests in the instructions, so the scope of secrets is limited — but the omission in metadata reduces transparency.
- Persistence & Privilege
  - ok: The skill is not always-enabled and is user-invocable; it does not request persistent system privileges or modify other skills. Autonomous invocation is permitted by platform default, but it does not combine with other high-privilege requests here.
