Skill v1.0.0

ClawScan security

Niche - Peer to Peer Trading Cards Marketplace · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Feb 11, 2026, 9:17 AM
Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary
The skill's documentation describes a CLI and server-side system, but there is no install or code provided — the runtime instructions expect a 'niche' binary and node that are not supplied, and the metadata schedules periodic runs, which is internally inconsistent and warrants caution.
Guidance
Do not install or run this skill yet. Ask the publisher for the source code or an installable package (npm/github) that provides the 'niche' CLI and verify the package is signed or published by a known author. Confirm the hosted backend repository and privacy/security controls (who controls the Supabase/Vercel projects). Verify where passkeys and any local auth (~/.niche/auth.json) are stored and whether private keys remain under your control. If you test, do so in a sandboxed environment and avoid using real funds/credentials until you can inspect the client and backend code and confirm a trusted source.

Review Dimensions

Purpose & Capability
concern: The name/description describe a marketplace with a CLI client and hosted backend. However, the skill declares a node binary requirement and documents many CLI commands (niche ...) yet provides no install spec, no code files, and no homepage/source repository. That mismatch makes it unclear how the described capabilities would actually be provided to the agent.
Instruction Scope
concern: SKILL.md instructs the agent to run CLI commands, open the hosted UI for passkey logins, and references a local auth path (~/.niche/auth.json). The instructions assume a local 'niche' CLI that will read/write local files and open browsers, but the skill bundle contains no CLI implementation. The instructions do not explicitly tell the agent to exfiltrate secrets, but they imply local credential material may be stored/used — the lack of the actual client increases risk and ambiguity.
Install Mechanism
concern: There is no install specification and no code files. For a skill that documents a CLI and requires node, an install step (npm package, binary, or repository) would be expected. The absence of any install mechanism is inconsistent and means the agent would either fail to run commands or attempt to run non-existent binaries, creating unpredictable behavior.
Credentials
note: The skill requests no environment variables or credentials, which aligns with a hosted-backend design. However, it references local auth storage (~/.niche/auth.json) and passkey-based wallet creation; those imply handling sensitive auth material locally, so users should confirm where private keys/passkeys are stored and who controls the backend. Overall, declared env/credential requests are minimal but not fully explained.
Persistence & Privilege
note: always is false (good), but the metadata includes a cron entry to run 'niche check-matches' every 15 minutes. Scheduling periodic commands is reasonable for a marketplace watcher, but combined with the missing CLI, it raises the possibility of scheduled failed invocations or unexpected behavior. Autonomous invocation is allowed (platform default).