Skill v1.0.0
ClawScan security
Contractor Marketing · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Apr 4, 2026, 2:01 PM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill mostly matches its marketing purpose, but there are several inconsistencies and a clear external endpoint with an embedded API key that warrant caution before installing.
- Guidance: This skill reads and stores detailed business data (address, phone, license numbers, payment methods, employees) and instructs the agent to query an external Supabase endpoint using a hard-coded API key included in the SKILL.md. Before installing, ask the skill author: (1) what is the Supabase endpoint and what data is sent/retained there? Is that API key read-only/public (anon) or a privileged key? (2) Where and how is MEMORY.md/workspace memory stored and who can access it? (3) How does the skill actually connect to Google, Meta, SMS/email providers—what credentials will it request and how are they stored? If you require privacy for customer or business data, do not provide PII until you get clear answers and ideally a version of the skill that uses your own credentials (not an embedded key) and explicit consent for remote calls. If you proceed, limit sensitive inputs, confirm retention/retention period, and consider running the skill in a sandboxed environment.
Review Dimensions
- Purpose & Capability (concern): The skill claims to manage many live integrations (Google Business Profile, Google Search Console, GA4, Meta Ads, SMS/email sending, etc.) but declares no required environment variables, credentials, or config paths for connecting to those services. That mismatch suggests the skill either cannot actually perform those live actions without additional secrets, or it expects to use other agent/global credentials (not declared).
- Instruction Scope (concern): Runtime instructions ask the agent to run a curl command against an external Supabase URL (including an API key) to pull strategy content, ask 35 onboarding questions (collecting PII such as business name, address, phone, license numbers, payment methods), save answers to workspace memory or MEMORY.md, and set up recurring cron tasks. The external call means user inputs or queries could be sent off-site; the onboarding questions collect sensitive business data which could be retained or transmitted.
- Install Mechanism (ok): No install spec or code files that execute on install — this is instruction-only, which minimizes installation-time code risk. There is no package download or binary installation declared.
- Credentials (concern): No required env vars are declared despite the skill describing functionality that normally needs many credentials (Google, Meta, email/SMS providers). Separately, the SKILL.md contains an embedded Supabase API key in clear text and a URL; embedding an API key in the instructions is unusual and could allow access to that external project. It's unclear whether that key is read-only/public or a privileged token and whether the endpoint will record queries (including any user-provided inputs).
- Persistence & Privilege (note): always:false (normal) and user-invocable:true. The skill asks the agent to set up scheduled/cron tasks and to store onboarding answers in MEMORY.md or workspace memory — this implies ongoing state and recurring outbound activity, but there is no mechanism shown to actually create OS cron jobs. Users should consider how memory is stored and who can access it; the skill's requests could result in persistent storage of business PII within the agent.
