Skill v1.0.0

ClawScan security

Api Rate Limiter Designer · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Apr 30, 2026, 1:46 AM
Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary
The skill's purpose (designing and implementing rate limiters) matches its instructions, but there are inconsistencies and missing declarations (shell commands, file access, and a buggy Redis code example) that merit caution before use.
Guidance
This skill generally does what it claims, but proceed cautiously. Specific things to consider before installing or running it:
(1) The SKILL.md runs shell commands that read access logs — ensure the agent is not given access to sensitive logs or other files you wouldn't want processed or transmitted.
(2) The skill declares no required binaries yet uses awk/sort/uniq/head — confirm those tools exist in the execution environment or the instructions will fail.
(3) The Express+Redis example contains a likely incorrect API usage (sendCommand/redis.call) and hardcodes an unauthenticated Redis connection; review and test generated code in a safe/staging environment and add proper Redis authentication and error handling.
(4) Avoid giving secrets to the skill; if you need the agent to analyze production traffic, sanitize or copy logs to a controlled test dataset first.
If you want higher assurance, ask the author for clarifications (required runtime tools, exact log formats expected, and corrected Redis client code).

Review Dimensions

Purpose & Capability
Note: The name/description (rate limiting design and Redis-backed distributed limiting) aligns with the instructions and examples. However, the SKILL.md contains shell commands (awk, sort, uniq, head) and log-file analysis steps even though the skill declares no required binaries or files — a mismatch between the declared requirements and the runtime actions.
Instruction Scope
Concern: Runtime instructions explicitly tell the agent to read local access logs (e.g., cat access.log | awk ...) and run shell pipelines. That behavior is coherent for traffic analysis but raises scope concerns: the skill assumes access to local logs (which may contain sensitive data) and invokes system utilities without declaring them. The instructions are broad (parse 'access.log') and could be executed against arbitrary paths if an agent runs them, increasing the risk of accidental data access/exfiltration.
Install Mechanism
OK: No install spec (instruction-only) — lowest install risk. Nothing is written to disk by the skill itself.
Credentials
Note: The skill requests no environment variables or credentials, which is appropriate for an instruction-only design doc. One caveat: the implementation sample connects to Redis at localhost:6379 with no auth and shows a sendCommand mapping to redis.call that appears incorrect for typical Node Redis/ioredis usage. If you deploy code generated by this skill you will need to supply proper Redis credentials and verify client APIs — the skill does not ask for or manage those secrets.
Persistence & Privilege
OK: always is false and the skill is user-invocable; it does not request permanent presence or special privileges.