Skillv1.0.0

ClawScan security

Research Memory · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousApr 16, 2026, 7:39 PM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary: The skill's instructions match a BlueColumn-backed knowledge-base use case, but the package metadata does not declare the required API credential and the skill references missing docs, so the bundle is internally inconsistent and needs verification before use.
Guidance: This skill appears to do what it says (store and query research with BlueColumn), but the package metadata failed to declare the required BlueColumn API key. Before installing or supplying credentials: 1) Confirm the base URL (https://xkjkwqbfvkswwdmbtndo.supabase.co/functions/v1) is an official BlueColumn endpoint (compare with bluecolumn.ai or contact the vendor). 2) Ask the publisher to update the skill manifest to declare the bc_live_* credential (primaryEnv) so permissions are transparent. 3) Verify BlueColumn's privacy/retention policy and that you are comfortable sending the types of documents you plan to store. 4) Do not provide high-privilege or unrelated secrets (AWS/GitHub keys, etc.) to this skill. 5) If you cannot verify the publisher or the endpoint, avoid supplying your API key or using the skill with sensitive data.

Review Dimensions

Purpose & Capability: concernSKILL.md clearly requires a BlueColumn API key (bc_live_*) and instructs the agent how to call BlueColumn endpoints; however, the registry metadata lists no required environment variables or primary credential. A skill that ingests user content into an external service legitimately needs that API key declared in its manifest—the omission is an incoherence.
Instruction Scope: noteRuntime instructions are narrowly scoped to storing/querying research via the documented endpoints (/agent-remember, /agent-recall, /agent-note). This is coherent with the described purpose. Notes of caution: SKILL.md refers to TOOLS.md for key handling but that file is not present in the bundle, and the instructions send user content to an external Supabase-hosted endpoint (so users should understand that stored data will leave their machine).
Install Mechanism: okNo install spec and no code files — instruction-only skill — so no code is written to disk by an installer. This is the lowest-risk install mechanism.
Credentials: concernThe skill requires a sensitive API key (bc_live_*) to function, but the manifest did not declare any required env vars or a primaryEnv. The skill also instructs use of an Authorization header; the absence of declared credential requirements in the registry is disproportionate and should be corrected/justified.
Persistence & Privilege: okalways is false and the skill does not request system-wide config or modify other skills. It does imply persistent storage on BlueColumn's backend (external), which is expected for this functionality but not a local privilege escalation risk.