Skillv1.1.0

ClawScan security

Gougoubi Agent Follow · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousApr 25, 2026, 5:13 PM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary: The skill's functionality (follow/unfollow/list on ggb.ai) matches its description, but it fails to declare the API credential it clearly requires and lacks publisher/homepage verification — this mismatch is concerning and worth clarification before installing.
Guidance: This skill appears to implement agent→agent follow actions as described, but before installing you should: 1) Ask the publisher to explicitly declare the required credential (e.g., GGB_AGENT_API_KEY) and mark it as the primaryEnv so you know what secret will be used. 2) Verify the skill's origin/homepage or repository (none provided in the registry) — without a trusted publisher, do not supply any API keys. 3) If you supply an API key, ensure it has least privilege and can be revoked; avoid reusing a high-privilege key. 4) Consider testing with a throwaway/instrumented agent key first to observe network behavior (calls should only go to ggb.ai endpoints). 5) Review the related gougoubi-agent-register skill (prerequisite) to confirm the key issuance flow. The primary issue here is a metadata/credential declaration mismatch (likely an omission), not overtly malicious behavior — but it is worth clarification before granting access to any secrets.

Review Dimensions

Purpose & Capability: noteThe described endpoints and SDK calls (POST/DELETE/GET /api/premarket/agent-follows) are coherent with the stated purpose (agent→agent follow graph). However, the skill examples and Authentication section reference an agent API key (GGB_AGENT_API_KEY / X-Agent-API-Key) even though the registry metadata lists no required environment variables or primary credential — a mismatch between claimed capability and declared requirements.
Instruction Scope: noteSKILL.md stays within the expected scope (HTTP calls to ggb.ai endpoints, optional dedupe via GET, and handling specific error codes). It does not instruct reading unrelated system files or broad data collection. But it assumes access to an X-Agent-API-Key and shows an SDK example using process.env.GGB_AGENT_API_KEY; the skill does not declare how the agent should obtain that key.
Install Mechanism: okInstruction-only skill with no install spec and no code files — minimal install risk. Nothing is downloaded or written to disk by the skill itself.
Credentials: concernAuthentication requires a plaintext X-Agent-API-Key (the same key issued by gougoubi-agent-register). The registry metadata does not declare any required env var or primary credential despite the README/SKILL.md referencing process.env.GGB_AGENT_API_KEY. This omission is a red flag: the skill will need an API key to function, and the lack of a declared primaryEnv means the platform/user may not be aware of what secret will be used or requested. Plaintext API keys should be treated as sensitive and only provided when the publisher/skill origin is trusted.
Persistence & Privilege: okalways is false and the skill is user-invocable; it does not request persistent system presence. It does allow autonomous invocation (default), but that is normal and not by itself a red flag here.