Skill v1.2.0
ClawScan security
Paragraph · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Mar 10, 2026, 3:09 AM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill appears to be a legitimate Paragraph.com API integration, but there are inconsistencies (missing declared env vars in registry metadata and absent upstream homepage/source), and the instructions encourage the agent to read local files — review before installing and provide only a scoped API key.
- Guidance: This skill appears to implement a real Paragraph.com API client and needs a Paragraph API key and publication slug to function. Before installing: (1) Confirm the registry metadata is updated to list PARAGRAPH_API_KEY and PARAGRAPH_PUBLICATION_SLUG (the SKILL.md does, but the top-level summary does not). (2) Inspect skill.js (present in the package) yourself — it appears to call only Paragraph endpoints and uses the API key from env, but you should verify there are no additional/hidden endpoints. (3) Be aware the agent may be asked (by example prompts) to read local files (markdown or CSV) to create posts or import subscribers — only allow file access you trust. (4) Use a least-privilege API key (rotate it if possible) and avoid sharing long-lived high-privilege credentials. (5) If you need stronger assurance, request the upstream repo/homepage (the SKILL.md points to a GitHub URL but the submission shows 'Source: unknown / Homepage: none') and verify the published repository and its history before enabling the skill.
Review Dimensions
- Purpose & Capability (note): The skill's name, README, SKILL.md, and code all implement a Paragraph.com API client and request the Paragraph API key and publication slug — which are appropriate for the stated purpose. However, the registry metadata at the top of the submission states 'Required env vars: none' and 'Primary credential: none' while SKILL.md, package.json, and config.example.json require PARAGRAPH_API_KEY and PARAGRAPH_PUBLICATION_SLUG. That metadata mismatch is inconsistent and should be corrected/clarified.
- Instruction Scope (note): SKILL.md and README contain examples where an agent is expected to read local files (e.g., import subscribers from /path/to/subscribers.csv or publish markdown from memory/2026-03-10.md). Reading user files is relevant to publishing/import features but grants the agent the ability to access arbitrary local content when those examples are used — make sure you only allow file access you intend to share.
- Install Mechanism (ok): No install spec is provided (instruction-only style) and the code relies on Node's native fetch (Node 19+). There are no external download URLs or third-party packages. The only files included are the skill implementation and tests, which is low risk from an install mechanism perspective.
- Credentials (concern): The skill legitimately needs PARAGRAPH_API_KEY and PARAGRAPH_PUBLICATION_SLUG (and optionally PARAGRAPH_PUBLICATION_ID and PARAGRAPH_API_BASE_URL). Those environment variables are declared inside SKILL.md, README, and package.json but were not declared in the submitted registry 'Requirements' summary — this discrepancy is concerning because the registry entry underreports required credentials. The requested env vars themselves are proportional to the skill's function.
- Persistence & Privilege (ok): always:false and default autonomous invocation are set (normal). The skill does not request system-wide configuration changes or access to other skills' credentials. It does cache publication ID/slug in-module at runtime (normal transient behavior).
