Skill v1.1.0

ClawScan security

Gamification & XP System · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Feb 11, 2026, 9:46 AM
Verdict
suspicious
Confidence
high
Model
gpt-5-mini
Summary
The skill claims to be a ClawdBot-facing gamification interface but contains multiple inconsistencies and requests sensitive Supabase credentials (service role key) without justification or the expected API configuration.
Guidance
This skill has several red flags you should resolve before installing or providing secrets:
(1) Ask the publisher why the skill needs SUPABASE_SERVICE_KEY (a Supabase service_role key has full DB access). For a user-facing gamification skill, the agent should normally call a ClawdBot API (which enforces access control); it should not require a service_role key.
(2) Request the CLAWDBOT_API_URL and the expected API authentication method; the SKILL.md refers to API endpoints but gives no base URL or auth instructions.
(3) Verify provenance: there is no homepage or source, and the skill references backend files that aren't bundled. Ask for the server code or a trusted deployment URL so you can audit it.
(4) If you must provide credentials, prefer the narrowest-scoped API key (not service_role), store it server-side (not in many agents), and rotate keys afterwards.
(5) If the publisher cannot justify direct DB access or provide source code/a trustworthy deployment, treat this skill as too risky to grant secrets to.

Review Dimensions

Purpose & Capability
Concern · The description says this is a ClawdBot prompt interface that talks to a ClawdBot API server, but the skill asks for direct Supabase credentials (SUPABASE_URL and SUPABASE_SERVICE_KEY). The registry metadata earlier listed no required env vars while SKILL.md declares two required env vars, an internal inconsistency. The SKILL.md also references backend files (api-server/src/...) that are not present in the package, which is misleading.
Instruction Scope
Concern · Instructions describe HTTP endpoints on a ClawdBot API server, but do not declare or explain CLAWDBOT_API_URL or any API auth mechanism. At the same time the skill requires a Supabase service role key (full DB privileges) even though the documented runtime flow shows the agent talking to an API server rather than the DB directly. This ambiguity expands the agent's scope and could enable direct DB access/exfiltration if the service key is used.
Install Mechanism
OK · No install spec or code files are provided (instruction-only), so there is no install-time code execution risk. This lowers risk but makes the other inconsistencies more important because the skill is purely declarative.
Credentials
Concern · Requesting SUPABASE_SERVICE_KEY (service role key) is disproportionate for a skill that nominally calls a ClawdBot API server. A service role key grants broad DB privileges (can bypass RLS, read/write all tables) and is highly sensitive; the SKILL.md does not justify why this key is needed. Additionally, the registry metadata did not advertise required env vars, so required secrets are not transparent.
Persistence & Privilege
OK · The skill is not always-enabled and is user-invocable only; it does not request persistent system-level privileges or claim to modify other skills. No elevated persistence privileges are declared.