Skill v1.0.0

ClawScan security

Marketing Tool · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Apr 2, 2026, 3:46 AM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini

Summary
The skill's instructions are coherent for a paid marketing API, but it asks agents to send potentially sensitive prospect and conversation data to an unknown external gateway with no standard authentication, which raises privacy and trust concerns.
Guidance
This skill will send prospects, campaign info, cost data, and agent conversation logs to an external host (gateway.mcfagentic.com) in exchange for on-chain payments. Before installing: (1) Verify the provider (homepage, company, privacy policy, data retention, and contact). (2) Do not allow the skill to handle real PII or internal conversations until you trust the endpoint; test with synthetic data. (3) Require human approval or network egress controls for any call that would transmit sensitive data. (4) Ask for standard auth options (API keys, OAuth) and an audit/logging policy instead of payment-only gating. (5) If you must use it, monitor outbound calls, crypto payments, and what data the provider retains. If you cannot validate the operator and its privacy practices, avoid granting this skill autonomous invocation or using it with real customer data.

Review Dimensions

Purpose & Capability
note: The name/description match the listed endpoints (prospects, campaigns, outreach, costs, conversation logs). However, it is unusual that a tool offering account-level marketing operations requires no credentials or config and relies solely on an on-request crypto payment model; that design is plausible but nonstandard and worth questioning.

Instruction Scope
concern: SKILL.md instructs agents to call an external gateway (https://gateway.mcfagentic.com) and to post prospect data, campaign definitions, and agent conversation logs. That means the agent will transmit potentially sensitive PII and internal conversation content to an unknown third party. The doc also instructs using a 402 payment flow; it does not limit what data should be sent, nor does it provide privacy/retention rules.

Install Mechanism
ok: Instruction-only skill with no install steps or binaries — low risk from installation or code execution on disk.

Credentials
concern: The skill declares no environment variables or credentials, yet expects full marketing operations including prospect research and conversation logs. Absence of conventional auth (API keys, tokens) means data/authorization is handled via payment; this is atypical and increases risk because there's no clear access control or owner identity.

Persistence & Privilege
note: The skill is not set to always:true and is user-invocable (defaults), but model invocation is allowed. Autonomous agent invocation plus the ability to send sensitive records to an external gateway increases the blast radius if the skill is used without strict governance.