Skill v1.2.0
ClawScan security
Paragraph for OpenClaw · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 10, 2026, 3:15 AM
- Verdict: benign
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's code, runtime instructions, and requested secrets line up with its stated Paragraph.com publishing purpose, with only minor metadata and disclosure issues to review before installing.
- Guidance: This skill appears to do what it says: manage Paragraph.com posts, subscribers, and token data. Before installing: (1) confirm you trust the skill source (the registry shows an unknown source; SKILL.md points to a GitHub repo — review that repo if possible); (2) set only a Paragraph API key created for this purpose (avoid reusing a highly privileged key used elsewhere) and the publication slug; (3) do not set PARAGRAPH_API_BASE_URL to an untrusted endpoint (only change it for testing against a known host); and (4) because the registry metadata incorrectly claims 'no required env vars', verify that your OpenClaw environment actually provides PARAGRAPH_API_KEY and PARAGRAPH_PUBLICATION_SLUG before use. If you are unsure, inspect skill.js yourself or run the included test.js in a safe environment with a throwaway API key.
Review Dimensions
- Purpose & Capability (note): The skill is clearly aimed at Paragraph.com integration (publishing posts, subscribers, coins). The env vars the skill actually uses (PARAGRAPH_API_KEY, PARAGRAPH_PUBLICATION_SLUG, optional PARAGRAPH_PUBLICATION_ID and PARAGRAPH_API_BASE_URL) are appropriate for that purpose. One inconsistency: the registry summary at the top of the submission lists 'Required env vars: none', but SKILL.md and package.json declare PARAGRAPH_API_KEY and PARAGRAPH_PUBLICATION_SLUG as required — this is a metadata mismatch, not functional maliciousness.
- Instruction Scope (ok): SKILL.md and skill.js confine operations to Paragraph API calls and local in-memory caching. The instructions ask the agent only to set and use Paragraph-related env vars and to call the documented API endpoints. The auto-discovery behavior reads the public feed to infer publication details (expected for this integration) and does not instruct reading unrelated files or system secrets.
- Install Mechanism (ok): There is no external install/download step; this is an instruction-only skill with included source files. It uses native fetch (Node 19+) and has no external dependencies. No suspicious remote URLs or archive extraction steps are present.
- Credentials (note): Required environment variables (PARAGRAPH_API_KEY and PARAGRAPH_PUBLICATION_SLUG) are proportional and expected. The optional PARAGRAPH_API_BASE_URL allows pointing to a custom API base (useful for testing), but if set to an untrusted endpoint it could redirect the skill's requests, including the API key, to a third-party server — exercise caution when overriding this. The package.json also documents the required env vars; aside from the metadata mismatch noted above, credential requests are reasonable.
- Persistence & Privilege (ok): The skill does not request persistent/always-on privileges. It caches the publication ID/slug in memory during runtime only and does not modify other skills or system-wide settings. Default autonomy (the agent can call tools) is normal and not by itself a concern.
