Back to skill
Skillv1.0.3
ClawScan security
Moss · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignMar 6, 2026, 6:57 AM
- Verdict
- benign
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- This skill is a documentation-only reference for the Moss semantic search platform and its requested secrets (MOSS_PROJECT_ID, MOSS_PROJECT_KEY) are consistent with that purpose, but source/homepage are missing so treat the credentials cautiously.
- Guidance
- This skill appears to be a docs/reference pack for the Moss API and the requested env vars make sense for that purpose. Before enabling or providing credentials: (1) treat MOSS_PROJECT_KEY as sensitive — only provide it if you trust the skill/agent and understand what calls it will make; (2) review the 'Voice Agent Context Injection' and any workflows that send conversational or audio data to the Moss service to ensure you explicitly consent to that data being uploaded; (3) note there is no homepage/source URL in the package metadata — if you need higher assurance, ask the publisher for an official repo or homepage and verify the service owner before sharing project keys; (4) because it’s instruction-only, there’s no installer risk, but credentials you provide would allow the skill to call the external Moss API, so limit scope and rotate keys if you later disable the skill.
Review Dimensions
- Purpose & Capability
- okThe name and description describe Moss API/SDK documentation. The skill only declares two environment variables (MOSS_PROJECT_ID and MOSS_PROJECT_KEY) that are the expected credentials for interacting with the Moss service; no unrelated binaries, install steps, or unrelated credentials are requested.
- Instruction Scope
- noteSKILL.md is an instruction-only doc describing API endpoints, SDK methods, and workflows (create/index/query/addDocs/etc.). It indicates use of project credentials to call Moss endpoints (base URL: https://service.usemoss.dev/v1). The doc references an opt-in 'Voice Agent Context Injection' integration pattern — any workflow that sends user conversations or audio to the service is expected for indexing/context injection but should be explicitly consented to by users. No instructions were found that ask the agent to read unrelated local files or exfiltrate system secrets beyond the declared env vars.
- Install Mechanism
- okNo install spec and no code files are present. This is the lowest-risk install model (instruction-only); nothing will be written to disk by an installer.
- Credentials
- okThe only declared env vars are MOSS_PROJECT_ID and MOSS_PROJECT_KEY (primary credential). Both are appropriate and proportional for a client that will call the Moss service. The primary credential is marked secret in metadata and should be treated as such.
- Persistence & Privilege
- okThe skill is not always-enabled and uses normal autonomous invocation settings. It does not request persistent system-wide configuration or other skills' credentials.