Skill v1.2.0

ClawScan security

Paragraph · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 10, 2026, 3:09 AM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's code, environment requirements, and runtime instructions are coherent with a Paragraph.com blogging integration, but be aware it can read local content for imports and will publish posts onchain immediately (irreversible action).
Guidance
This package appears to be a legitimate Paragraph.com API client and asks only for the Paragraph API key and publication identifiers. Before installing: 1) Treat PARAGRAPH_API_KEY like any API secret — limit its scope in Paragraph if possible and store it securely. 2) Be aware the skill publishes posts immediately onchain (no draft mode); avoid enabling fully autonomous createPost calls unless you trust the agent prompts and safeguards. 3) The README and examples show importing CSVs and reading local markdown files; if you don't want the agent to access local files, restrict its file access or avoid using those tools. 4) The repository/homepage referenced in the SKILL.md (GitHub URL) should be checked manually if you want source provenance; test scripts and a minor module-export mismatch exist but are implementation issues rather than security blockers. If you plan to use batch/import features, confirm rate limits and review any subscriber data before uploading.

Review Dimensions

Purpose & Capability
ok · The skill is a Paragraph.com API client. The declared env vars (PARAGRAPH_API_KEY, PARAGRAPH_PUBLICATION_SLUG, optional PARAGRAPH_PUBLICATION_ID and PARAGRAPH_API_BASE_URL) match the described purpose. There are no unrelated credentials, binaries, or install steps that don't belong to a blogging API integration.
Instruction Scope
note · SKILL.md and README instruct the agent to create posts, list subscribers, and import CSVs. Some examples and agent prompts assume access to local files (e.g., importing subscribers from /path/to/subscribers.csv or reading markdown from memory/2026-03-10.md). That is consistent with a content automation skill, but it means the agent (when allowed) may read local files to assemble content or subscriber lists. Additionally, created posts are published immediately onchain by Paragraph (no draft mode by API), so publishing is effectively irreversible; this is an important operational risk to understand before enabling autonomous workflows.
Install Mechanism
ok · This is instruction-only / code-included with no install spec and no external download. The package contains skill.js and supporting files but no installation step that pulls remote code; it uses native fetch and has zero external dependencies declared. Low installation risk.
Credentials
ok · Requested environment variables are proportionate and expected for this integration: an API key and publication slug/ID and optional base URL. No unrelated secrets or broad platform keys are requested.
Persistence & Privilege
ok · The skill is not always-enabled and does not request unusual persistent privileges. It does cache discovered publication ID/slug in-process, which is normal. Autonomous model invocation is allowed (platform default) but not combined with other concerning flags.