Skillv1.0.0

ClawScan security

Avro Schema Manager · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousApr 30, 2026, 2:47 AM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary: The skill's instructions mostly match an Avro schema auditor, but it asks the agent to scan projects and call schema registries while declaring no credentials or install steps — that mismatch and the broad file-scanning commands are concerning and deserve clarification before use.
Guidance: This skill reads and analyzes Avro files and can call schema registries, but the SKILL.md expects access to your codebase and registry endpoints while declaring no credentials or install steps. Before installing or enabling it: 1) Ask the owner how registry authentication is supplied (environment vars, prompt, or agent runtime privileges). Expect names like SCHEMA_REGISTRY_URL, SCHEMA_REGISTRY_API_KEY/SECRET or AWS_ACCESS_KEY_ID/AWS_SECRET_ACCESS_KEY — confirm which are actually required. 2) Limit the scan scope — run it on a checked-out copy or specific path rather than letting it recurse your whole filesystem to avoid accidental exposure of unrelated secrets/configs. 3) Review any registry calls (curl examples) before they run and ensure responses are not sent to third-party endpoints. 4) Prefer running this skill in a sandboxed agent or CI job with least-privilege credentials. 5) If you need tighter assurance, request the maintainer publish a concrete list of required env vars and an authentication/authorization model, or provide a code-based implementation so you can audit exact network calls.

Review Dimensions

Purpose & Capability: noteThe name and description match the SKILL.md tasks (validate .avsc files, check compatibility, audit registries, generate code). However the SKILL.md expects interaction with external registries (Confluent, AWS Glue) yet the skill declares no required credentials, environment variables, or configuration paths to access them — an important capability gap/misalignment.
Instruction Scope: concernRuntime instructions tell the agent to run find/grep across user project paths and to invoke registry endpoints (example curl usage). While file discovery and registry calls are expected for a schema audit, the instructions are broad (recursive greps, discovery across unspecified paths) and could enumerate many files/configs. The doc does not constrain which paths to scan or explain how registry authentication/authorization is supplied, and it does not state any safeguards about sensitive files discovered during scans.
Install Mechanism: okThis is an instruction-only skill with no install spec or embedded code. That lowers disk-write risk — there is no package download or installation. The agent will rely on system tools (find, grep, curl) that must already exist.
Credentials: concernThe skill claims to operate with Confluent Schema Registry and AWS Glue but declares no primaryEnv or required env vars. Typical registry access requires SCHEMA_REGISTRY_URL and credentials (API key/secret) or AWS credentials for Glue. The absence of declared credential requirements is disproportionate to the stated external integrations and hides where/what secrets the agent might need or look for (the SKILL.md even greps configs for schema.registry.url).
Persistence & Privilege: okThe skill does not request always:true and does not declare any persistence or system-wide configuration changes. It appears to only direct ephemeral analysis actions at runtime.