Skill v1.4.6
ClawScan security
Assetclaw · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Apr 19, 2026, 4:39 PM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill appears to implement an asset-management API client consistent with its description, but there are multiple mismatches and risky behaviours (undeclared required binaries, credentials written to disk, and inconsistent base URLs) that need clarification before installing.
- Guidance: Before installing:
  1. Ask the author to clarify and fix the metadata: declare the required binaries (curl, node) and required environment variables (username/password) so you know the runtime dependencies.
  2. Review and confirm the API base URL(s). The docs and script reference both a local IP (http://192.168.1.111:5183) and a dynamic DNS host (vicp.fun); ask which is authoritative and why an external domain appears.
  3. Be aware the skill writes plaintext credentials to /tmp/assethub-claw-temp-session.json and upgrades them into a session file; if you use this skill, avoid supplying production credentials and use a least-privilege/test account instead.
  4. Confirm that logout actually removes the temp and session files and that the files are not world-readable on your system.
  5. If you require stronger guarantees, ask the author to remove the auto-login-from-temp behaviour and require explicit confirmation before reading or writing any credential files.
  6. Given the source is unknown and the homepage is missing, prefer not to install in a sensitive environment until these questions are answered.
Review Dimensions
- Purpose & Capability (note): Name/description (Asset lifecycle management) match the included helper script and API endpoint list. However, the skill metadata declares no required binaries or environment variables while the helper script clearly depends on curl and node and the SKILL.md documents ASSETHUB_API_USERNAME / ASSETHUB_API_PASSWORD and other env vars — this mismatch is incoherent and should be fixed. Also, source/homepage are unknown, which reduces trust.
- Instruction Scope (concern): SKILL.md instructs the agent to collect a username/password from the user, write them into /tmp/assethub-claw-temp-session.json, and automatically read that file for subsequent requests. It also mandates auto-login and automatic use of cached tokens and tenant IDs. Writing plaintext credentials to a local temp file and auto-using them without an explicit per-call confirmation increases the risk of inadvertent credential exposure or misuse. The instructions also emphasize honoring an externally passed tenant_id (good) but otherwise allow automatic tenant selection and session upgrades. The scope includes reading/writing local files (/tmp) and network calls to host(s) not fully documented in a trusted way.
- Install Mechanism (ok): There is no install spec (instruction-only plus an included helper script), so nothing external is downloaded during install. That is low risk in the install phase. However, the script will execute curl/node at runtime; the skill should have declared those dependencies.
- Credentials (concern): Registry metadata lists no required env vars or primary credential, but SKILL.md and the scripts both reference ASSETHUB_API_USERNAME, ASSETHUB_API_PASSWORD, ASSETHUB_API_URL, ASSETHUB_TENANT_ID, and session file paths. The skill asks to store user credentials in a temporary file; requiring and storing plaintext credentials is proportionate to acting as an API client, but the lack of declared env requirements is inconsistent. Also, the references show multiple base URLs (192.168.1.111 and a vicp.fun host), which is unexplained and suspicious.
- Persistence & Privilege (note): The always flag is false (good). The skill persists session tokens and credentials to /tmp/assethub-claw-session.json and uses a temp session file. Persisting its own session file is expected for this kind of helper, but combined with automatic auto-login and temp credential upgrading it raises privacy concerns. The skill does not request system-wide config changes or changes to other skills' settings.
