Skill v3.3.14
ClawScan security
Ai Task Hub · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 28, 2026, 3:24 AM
- Verdict: Benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's code, instructions, and requirements are internally consistent with its described gateway/attachment-forwarding role and do not request unrelated credentials, unexpected installs, or local filesystem access.
- Guidance: This skill appears to be a gateway/orchestration package that only forwards explicit attachments and calls the gateway-api.binaryworks.app endpoints. Before installing, confirm you trust the gateway host (https://gateway-api.binaryworks.app) since attachments will be uploaded there when used; avoid sending sensitive or regulated data unless you have explicit user consent and trust the host. Note the skill may accept an optional entry_user_key supplied by your connector/runtime; ensure your connector/runtime handles continuity and secrets securely. The package does not persist files or require additional credentials, and it disallows local file-path inputs (it expects host-provided attachment URLs or bytes). If you need stronger assurance, request the developer to explain how entry_user_key and upload responses are managed by your host/connector and verify the gateway endpoint TLS/certificate and privacy policies.
Review Dimensions
- Purpose & Capability: ok. The declared capabilities (image analysis, background removal, ASR/TTS, markdown conversion, embeddings/reranker, etc.) match the included capability manifests, OpenAPI surface, and scripts. Required binary is only node, which is appropriate for the provided .mjs scripts. There are no environment variables or credentials required by default, which aligns with the skill claiming to be a gateway/orchestration package rather than a cloud provider client.
- Instruction Scope: ok. SKILL.md and the runtime scripts limit behavior to: normalizing inputs, optionally uploading explicit attachment bytes to the gateway-controlled host, and calling the gateway public-bridge endpoints. The code explicitly disallows reading local file paths and throws errors if file_path/local attachment data is provided via path. The package states and enforces that it does not persist bytes or credentials to disk.
- Install Mechanism: ok. This is an instruction-first package with no remote install or download step. All code is bundled in the skill (scripts/*.mjs), and there are no curl|wget|execute-from-URL patterns. No additional packages are pulled at runtime by the skill itself.
- Credentials: ok. No required environment variables or primary credentials are declared. The code optionally reads PUBLIC_BRIDGE_ENTRY_HOST or AI_TASK_HUB_ENTRY_HOST to infer an entry host slug for bridge routing; this is a reasonable, limited convenience and not a secret. The package does accept an optional entry_user_key if provided by the host bridge, which matches its documented bridge-managed auth model.
- Persistence & Privilege: ok. The skill metadata and code mark published skill persistence as disabled and do not write persistent state. always is false. The package does perform network operations to the gateway-api.binaryworks.app host (the documented allowed upload and base URL), but it does not request permanent inclusion or attempt to modify other skills' configs.
