Skill v1.1.0
ClawScan security
Chonkie DeepResearch · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict: Suspicious (Mar 8, 2026, 6:40 PM)
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's instructions mostly match its stated purpose (using the chdr CLI to run research), but there are mismatches and a few risky installation/persistence recommendations that the registry metadata does not reflect.
- Guidance: This skill appears to do what it says (use the chdr CLI to run research), but check these before installing/using:
  - Metadata mismatch: SKILL.md refers to CHONKIE_API_KEY / `chdr auth login`, yet the registry lists no required env vars or primary credential. Expect to provide an API key; ask the publisher to correct the metadata for clarity.
  - Installation risks: SKILL.md suggests `cargo install` and a curl|sh rustup installer. Prefer installing chdr from an official release or a vetted package manager and review any scripts before running curl|sh.
  - Persistence: the doc recommends creating cron jobs and spawning sub-agents. If you don't want background polling or long-running autonomous tasks, avoid adding cron entries and restrict the agent's ability to spawn sub-agents.
  - /tmp files and data handling: the workflow writes full reports to /tmp and instructs the agent to only read portions. If reports contain sensitive data, ensure /tmp is acceptable and that you or the agent enforce the 'read only first N lines' behavior.
  - API key scope and storage: treat CHONKIE_API_KEY like any secret — limit its permissions, store it safely, and avoid exposing it to untrusted skills or logs.
  If you want higher assurance, request from the publisher that they: (1) update the registry metadata to declare CHONKIE_API_KEY as the primary credential, (2) provide an official install/release URL for chdr, and (3) document exactly what the sub-agent will be permitted to do.
Review Dimensions
- Purpose & Capability [ok]: Name/description align with the required binary (chdr) and the documented workflow: running chdr to produce research reports. Asking for an API key (CHONKIE_API_KEY) and using chdr auth is coherent with a CLI that talks to labs.chonkie.ai. No unrelated services or binaries are requested.
- Instruction Scope [note]: The SKILL.md instructs the agent to run chdr commands, write results to /tmp, use python one-liners to extract fields, spawn a sub-agent for long-running jobs, and optionally set a cron entry to poll status. These actions are within the stated purpose (running and monitoring research jobs), but the doc also prescriptively tells the agent to avoid loading entire files and to only read parts—this is safe guidance but relies on the agent following limits. The cron suggestion introduces side effects outside the agent's immediate runtime.
- Install Mechanism [note]: The skill is instruction-only (no install spec). SKILL.md suggests installing chdr via `cargo install chdr` and, if needed, installing Rust via a curl|sh script (rustup). That is a network-based install suggestion which can pull and build code from crates.io and fetch an installer script — a legitimate but higher-risk operation compared to a vetted package manager. The registry metadata did not include an install step, so the user must perform these installs manually if desired.
- Credentials [concern]: SKILL.md references CHONKIE_API_KEY and the `chdr auth login` flow, but the registry metadata lists no required environment variables and no primary credential. This is an incoherence: the skill effectively requires an API key for the service but does not declare it in the metadata. Requesting an API key for chonkie.ai is expected, but the missing declaration reduces transparency and is worth flagging.
- Persistence & Privilege [note]: The skill does not demand always:true or other elevated platform privileges. However, it suggests creating a cron job to poll status (a persistent background task) and strongly recommends spawning sub-agents for long-running work. These are normal for long-running research jobs but can create persistent side effects on the host if followed; the skill itself does not modify other skills or global agent settings.
