Skill v1.0.0

ClawScan security

n8n · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Feb 11, 2026, 9:07 AM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The package claims an autonomously self‑improving agent framework, but metadata, declared requirements, and runtime instructions are inconsistent (undeclared env vars, example/simulated behavior, and an install script that writes to disk), so review and verification are needed before installing.
Guidance
This bundle has several red flags you should resolve before running any install script:
1) Metadata mismatch — the top name, owner IDs and in-repo slug/_meta differ from the README/SKILL.md; ask the author to confirm the canonical package name and source.
2) Undeclared env vars — the install script and docs reference OPENROUTER_API_KEY and CLAWHUB_SKILL_DIR (and other external integrations) but the skill declares none; get a clear list of required credentials and why they are needed.
3) Self-improvement claims are primarily simulated in example code (randomized cycles); confirm what actually performs network scans or automatic updates and whether it will auto-apply changes without approval.
4) The bundle includes install.sh that pip-installs packages and creates ~/.agentic_ai — do not run it as-is on a production machine. Instead: inspect the install.sh and the pip dependencies; verify the PyPI packages and their maintainers; run installation in an isolated VM or container; consider running static analysis on installed packages; request a provenance link (homepage, source repo, official docs) and an authoritative contact.
If you cannot get satisfactory answers or provenance, treat this as untrusted and avoid running the installer on your primary system.

Review Dimensions

Purpose & Capability
concern: Metadata and files disagree: the top-level name said 'n8n' but the bundle contains an 'AGENTIC AI GOLD STANDARD' skill (agentic-ai-gold) with different owner/slug details in _meta.json. The README/SKILL.md claim extensive runtime capabilities (nightly frontier scanning, access to MCP servers, on‑device persistence, commercial tiers) but the package declares no required env vars/credentials and no required binaries. Some claimed capabilities (scanning the 2026 frontier, accessing 10,000+ MCP servers) are not supported by clear credential or network configuration in the bundle — this mismatch is unexplained and disproportionate.
Instruction Scope
concern: SKILL.md and examples describe autonomous self‑improvement and overnight research cycles and instruct the user to run 'npx clawhub@latest install agentic-ai-gold', 'clawhub doctor', and python activation. The examples simulate scanning and self‑improvement (using random values) rather than showing real network ingestion or updater logic. The install script and docs reference environment variables (CLAWHUB_SKILL_DIR, OPENROUTER_API_KEY) and external commands (clawhub review-updates) that are not declared in the skill's requirements — the runtime instructions therefore access environment/configuration not declared up front.
Install Mechanism
note: The registry entry lists no formal install spec, but the bundle includes an install.sh that pip-installs multiple packages (langgraph, openai-agents, crewai, pydantic-ai, mem0, zep-python) and creates ~/.agentic_ai/config and a skill directory. The pip installs pull code from PyPI (traceable) rather than from arbitrary URLs, which is lower risk than external archives, but the presence of an install script despite 'no install spec' is an internal inconsistency and means code will be written to the user's home if run.
Credentials
concern: The skill declares no required environment variables or primary credential, yet the install script and docs reference OPENROUTER_API_KEY and CLAWHUB_SKILL_DIR; README claims access to MCP servers and integrations that would normally require credentials. The absence of declared credentials combined with claims of external service access is disproportionate and unexplained.
Persistence & Privilege
note: always:false and model invocation not disabled (normal). The install.sh creates ~/.agentic_ai/config and a skill directory under $HOME or CLAWHUB_SKILL_DIR; it does not appear to modify other skills or system-wide agent configs. This level of local persistence is expected for a framework, but you should be aware it writes to your home directory and installs packages.