Skill v1.0.0

ClawScan security

Skill · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Mar 3, 2026, 2:46 PM
Verdict
suspicious
Confidence
high
Model
gpt-5-mini
Summary
The skill's purpose (measuring LLM API latency) matches its code, but the declared requirements do not match what the script actually needs: it reads secrets from the `pass` password store and relies on curl and bc, none of which the metadata declares. Review before installing.
Guidance
This script will read your LLM provider API keys (it expects them in the `pass` password store at shared/<provider>/api-key) and send tiny requests to each provider to measure latency. Before using:
(1) Confirm you have and trust the providers whose keys will be used; the script transmits each key to that provider's API as part of a normal request.
(2) Ensure the required binaries are installed (pass, curl, bc, mktemp); the registry metadata does not declare them, but the script requires them.
(3) If you prefer environment variables, adapt the script to source keys from them; the shipped script does not read env vars.
(4) The Google API key is sent as a query parameter, so it may appear in access logs and proxy traces; consider header-based auth instead.
(5) Run the script in a safe test environment first and inspect it locally; it deletes its temp files and discards response bodies, but verify that it behaves as expected.
The inconsistencies are likely sloppy metadata rather than malicious intent, but review and adapt the script before granting it access to real credentials.

Review Dimensions

Purpose & Capability
ok · Name/description match the implementation: scripts/ping.sh makes parallel requests to multiple LLM provider APIs and measures latency. The providers and models listed in SKILL.md align with the endpoints called in the script.
Instruction Scope
note · SKILL.md correctly instructs running scripts/ping.sh and documents that it uses `pass shared/` to retrieve API keys. The script only sends minimal prompts and discards response bodies, returning timing results. It does not attempt to read unrelated system files or exfiltrate data to third parties. However, SKILL.md suggests optionally adapting to environment variables even though the shipped script does not read them; that mismatch is a small scope ambiguity the user should address.
Install Mechanism
ok · No install spec (instruction-only with one script). Nothing is downloaded or written to disk beyond a short-lived temp dir created at runtime. This is low install risk.
Credentials
concern · Registry metadata lists no required env vars or required binaries, but SKILL.md lists optional API keys and the script actually retrieves keys from `pass shared/...`. The script implicitly requires the `pass` binary plus common utilities (curl, bc, mktemp, sort). The requested credentials (provider API keys) are appropriate for the stated purpose, but the metadata's omission of required binaries, and the mismatch between the env vars listed in SKILL.md and the script's actual secret sourcing, are inconsistencies worth noting.
Persistence & Privilege
ok · The skill does not request permanent presence (always: false), does not modify other skills or system configuration, and does not store credentials or enable itself. It runs ephemeral network requests only when invoked.
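The following is an added example, not the skill's scripts/ping.sh and not part of the ClawScan report. It shows how a user following the Guidance and Credentials notes above could adapt the script: check for required binaries up front rather than failing mid-run, source each key from an environment variable with a fallback to the same `pass` path the skill documents, send every provider's key in a request header rather than a query string, and time the request with curl's own `%{time_total}` timer so neither bc nor a temp directory is needed. The provider names, the `<PROVIDER>_API_KEY` variable convention, the header names, the endpoint URL and the model name are assumptions for illustration and are not taken from the skill.

```shell
#!/bin/sh
# Added example (not the skill's scripts/ping.sh). Provider names, env var
# convention, header names, endpoint and model are assumptions for illustration.

# Fail fast on undeclared dependencies instead of partway through a run.
check_deps() {
  missing=""
  for bin in "$@"; do
    command -v "$bin" >/dev/null 2>&1 || missing="$missing $bin"
  done
  if [ -n "$missing" ]; then
    echo "missing required binaries:$missing" >&2
    return 1
  fi
  return 0
}

# Key lookup order: <PROVIDER>_API_KEY env var, then `pass show shared/<provider>/api-key`.
# Prints the key on stdout; prints nothing and returns 1 if neither source has it.
resolve_api_key() {
  provider="$1"
  # The provider name is spliced into a variable name below, so reject anything
  # outside [a-z0-9_] before it reaches eval.
  case "$provider" in
    ''|*[!a-z0-9_]*) echo "invalid provider name: $provider" >&2; return 1 ;;
  esac
  var="$(printf '%s' "$provider" | tr '[:lower:]' '[:upper:]')_API_KEY"
  key="$(eval "printf '%s' \"\${$var:-}\"")"
  if [ -n "$key" ]; then
    printf '%s\n' "$key"
    return 0
  fi
  # Same store path the skill documents: shared/<provider>/api-key
  if command -v pass >/dev/null 2>&1; then
    key="$(pass show "shared/$provider/api-key" 2>/dev/null | head -n 1)"
    if [ -n "$key" ]; then
      printf '%s\n' "$key"
      return 0
    fi
  fi
  echo "no API key for $provider (set $var or store it in pass)" >&2
  return 1
}

# Header-based auth for every provider so the key never lands in a URL,
# where it would show up in access logs and proxy traces.
# (Assumed header conventions; provider-specific extras such as a version header are omitted.)
auth_header() {
  provider="$1"; key="$2"
  case "$provider" in
    openai)    printf 'Authorization: Bearer %s\n' "$key" ;;
    anthropic) printf 'x-api-key: %s\n' "$key" ;;
    google)    printf 'x-goog-api-key: %s\n' "$key" ;;
    *) echo "unknown provider: $provider" >&2; return 1 ;;
  esac
}

# Time one request with curl's built-in timer: no temp file, no bc.
# The response body is discarded (-o /dev/null); only total seconds are printed.
measure_latency() {
  url="$1"; header="$2"; body="$3"
  curl -sS -o /dev/null -m 30 \
    -H "$header" -H 'Content-Type: application/json' \
    -d "$body" -w '%{time_total}\n' "$url"
}

# Example invocation (needs network; assumed OpenAI endpoint and model name).
ping_openai() {
  check_deps curl || return 1
  key="$(resolve_api_key openai)" || return 1
  measure_latency "https://api.openai.com/v1/chat/completions" \
    "$(auth_header openai "$key")" \
    '{"model":"gpt-4o-mini","messages":[{"role":"user","content":"hi"}],"max_tokens":1}'
}
```

Because `resolve_api_key` prints the key only to stdout and never echoes it into a URL or a temp file, the only place the secret travels is the request header to the provider the user chose; `check_deps` makes the undeclared binary requirements explicit at the top of the run.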