Skill v1.0.2
ClawScan security
Orgo Desktop Control · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Feb 22, 2026, 6:05 AM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill appears to implement an Orgo client consistent with its description, but the registry metadata omits the declared ORGO_API_KEY requirement and the runtime instructions enable uploading/transmitting local files and credentials to an external service — proceed only after confirming key scope and origin.
- Guidance: This package implements a client for a remote desktop/cloud VM service (orgo.ai) and will need an ORGO_API_KEY and internet access to function — but the registry metadata did not declare that requirement. Before installing: (1) confirm the skill's origin and trustworthiness (no homepage is listed); (2) ensure any ORGO_API_KEY you provide is scoped minimally (limited permissions, revocable) and not your primary personal or cloud credentials; (3) be aware the skill can upload local files and retrieve VNC passwords and signed download URLs (so avoid uploading secrets or sensitive files unless you trust the service); (4) check billing/usage implications of creating remote machines; (5) if you need to enforce policy automatically, add ORGO_API_KEY to allowlists and/or deny the skill until metadata is corrected. If you want higher assurance, request the publisher to update registry metadata to declare ORGO_API_KEY as a required credential and provide a verifiable homepage or source repository.
Review Dimensions
- Purpose & Capability (concern): The SKILL.md and included orgo_client.py clearly require an ORGO_API_KEY and internet access to talk to https://www.orgo.ai/api (expected for a cloud-desktop control SDK). However, the registry metadata lists no required environment variables or primary credential, creating a mismatch between claimed purpose and declared requirements.
- Instruction Scope (note): Instructions are focused on managing remote desktops (create/start/stop/delete), UI automation, running bash/python remotely, screenshots, file upload/export, streaming, and retrieving VNC passwords. These actions necessarily transmit local files and interact with external VMs (data exfiltration is an expected capability here). The doc contains example login flows and hard-coded credential examples (e.g., 'password123') which are test examples but could encourage unsafe practices if copied without changes.
- Install Mechanism (ok): No install spec is provided (instruction-only plus an included Python SDK file). Nothing is downloaded from unknown URLs during install; risk from the install mechanism is low.
- Credentials (concern): The runtime examples explicitly read ORGO_API_KEY from the environment, and the client sets an Authorization: Bearer header — one API key is proportionate. The problem is that the skill registry did not declare ORGO_API_KEY or mark a primary credential, which is inconsistent and may hide a credential requirement from users/policy checks. No other unrelated secrets are requested.
- Persistence & Privilege (ok): The skill does not request always:true, does not modify other skills, and has normal autonomous-invocation settings. It does not request system config paths or elevated host privileges in the provided materials.
