Skill v1.0.0
ClawScan security
moss · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Feb 11, 2026, 9:32 AM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill is mostly documentation for the Moss semantic search API, but its manifest omits credentials that the runtime instructions explicitly require (MOSS_PROJECT_ID / MOSS_PROJECT_KEY), so the bundle is internally inconsistent and needs clarification before use.
- Guidance: This skill is a documentation-only bundle for the Moss API; it appears legitimate, but the manifest is inconsistent with the runtime docs. Before installing or using it: 1) confirm the source/owner and that https://docs.usemoss.dev is the official docs site; 2) expect to supply MOSS_PROJECT_ID and MOSS_PROJECT_KEY (the skill should have declared them as required env vars / a primary credential — ask the publisher to update the manifest); 3) review where the agent will send data (the docs mention POST /manage but do not show a full base URL) and decide whether sending user content to that service is acceptable for your privacy needs; 4) if you provide credentials, follow least-privilege practices (use keys scoped for only the project and actions needed); 5) ask the maintainer to fix the manifest (add required env vars and a primary credential) and to clarify the REST base URL and any telemetry or sync behaviors before trusting autonomous use.
Review Dimensions
- Purpose & Capability (concern): The skill's name/description match the SKILL.md content (Moss docs / integration patterns). However the declared requirements list no environment variables or primary credential, while the SKILL.md explicitly documents required credentials (MOSS_PROJECT_ID and MOSS_PROJECT_KEY). That omission is an incoherence between claimed requirements and the runtime instructions.
- Instruction Scope (concern): SKILL.md gives concrete runtime guidance (initialize MossClient with project credentials, call createIndex/loadIndex/query, REST actions via POST /manage, and an 'inject search results into LLM context' workflow). Those instructions are within the stated purpose, but they reference reading/using project credentials and performing automatic per-message queries. The instructions are actionable and would cause an agent to look for credentials or attempt network calls; the manifest should have declared that explicitly. No other unrelated file/system access is requested.
- Install Mechanism (ok): This is instruction-only (no install spec, no code files). The SKILL.md mentions npm/pip package names for user install, but the skill does not perform any installation itself — low installer risk.
- Credentials (concern): The documented API requires two credentials (MOSS_PROJECT_ID and MOSS_PROJECT_KEY), which are reasonable for the described integration, but the skill's metadata declares no required env vars or primary credential. The mismatch could lead to unexpected credential usage or confusion about what secrets are needed/expected.
- Persistence & Privilege (ok): The skill does not request always:true, does not modify other skills, and has no install-time persistence. Autonomous invocation is allowed (platform default) but not itself a red flag here.
