Skill v0.1.9

ClawScan security

Aigames · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Mar 30, 2026, 8:19 AM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The instructions generally match a simple file-upload-to-a-web-service workflow, but there are unexplained mismatches (target domain vs claimed GitHub repo), no declared authentication or credentials, and the skill source is unknown — those inconsistencies merit caution before use.
Guidance
Proceed with caution. The skill will send your game files to https://www.idlab.top, but it claims to publish to a GitHub repo (brianclan/aigames) without explaining the relationship — ask the author to confirm who runs idlab.top and to provide the service's privacy/security details. Do not upload sensitive or proprietary files until you verify the destination and authentication flow. Prefer testing with a dummy game and verifying the resulting GitHub repository/commit yourself. If you need direct control over commits, consider using your own GitHub workflow (git + personal token) instead of this service. If you plan to install or allow this skill to run autonomously, request the skill source, maintainer identity, and confirmation about where credentials are stored and who can access them.

Review Dimensions

Purpose & Capability
Concern: The skill says it will upload games to the brianclan/aigames GitHub repo for thenext.games, but the runtime instructions target https://www.idlab.top/xlabopenapi/github/aigames. There is no explanation of how idlab.top maps to the claimed GitHub repo or who controls that service. The skill also declares no required credentials even though committing files to a GitHub repo normally requires authentication or a delegated service that holds credentials. This mismatch between claimed destination and the actual upload endpoint is unexplained and disproportionate to the stated purpose.
Instruction Scope
Note: SKILL.md only instructs creating three files (config.json, index.html, preview.png) and POSTing them as multipart form-data to idlab.top endpoints. That is consistent with a simple upload workflow and does not ask the agent to read unrelated local files or credentials. However, examples reference arbitrary local paths (e.g., /root/workspace/logs/config.json) and there is one malformed JSON example noted in the doc — these are quality issues but not direct proof of malicious intent. The instructions do direct potentially sensitive local files to an external server (idlab.top).
Install Mechanism
OK: This is an instruction-only skill with no install spec and no code files, so nothing is written to disk by the skill itself. That minimizes installation risk.
Credentials
Concern: The skill declares no required environment variables or credentials, yet its stated end goal (uploading into a GitHub repo) normally requires auth. Either the idlab.top API is a public unauthenticated proxy that performs commits (possible but risky), or the runtime omitted necessary credential requirements. The absence of any declared credential is disproportionate and leaves open the question of who holds commit privileges and how authentication is handled.
Persistence & Privilege
OK: The skill does not request permanent presence (always is false) and does not ask to modify other skills or system-wide config. It appears to have no special persistence privileges.