Skill v1.0.0

ClawScan security

PodcastIndex · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious (Feb 28, 2026, 7:35 PM)
Verdict: suspicious
Confidence: high
Model: gpt-5-mini
Summary: The SKILL.md clearly requires a Podcast Index API key and secret and gives authenticated request instructions, but the registry metadata claims no required environment variables — this inconsistency should be resolved before trusting the skill.
Guidance: This skill appears to do what it says (talk to Podcast Index) and legitimately needs an API key and secret, but the registry listing you saw omitted those required env vars while SKILL.md includes them. Before installing: 1) verify the skill's source/homepage or ask the publisher to fix the registry metadata so required env vars are visible; 2) only provide PODCASTINDEX_API_KEY and PODCASTINDEX_API_SECRET if you trust the skill and the publisher; 3) prefer using a limited-scope/rotatable key if Podcast Index supports it and rotate keys after testing; 4) if you are uncomfortable with autonomous invocation, restrict the skill or require manual invocation; and 5) ask the developer to publish code or a trustworthy homepage so you can audit behavior further.

Review Dimensions

Purpose & Capability
note: The skill's stated purpose (searching Podcast Index) aligns with the actions described in SKILL.md (authenticated GET requests to api.podcastindex.org). Requiring PODCASTINDEX_API_KEY and PODCASTINDEX_API_SECRET is proportionate to that purpose. However, the registry metadata provided earlier in the listing shows no required env vars, while the SKILL.md includes an embedded 'openclaw' metadata block declaring those env vars and primaryEnv. That mismatch is an incoherence the developer should fix.
Instruction Scope
ok: SKILL.md instructions are narrowly scoped to building authenticated requests to the Podcast Index API (timestamp + SHA-1 hash, include headers, call endpoints). It does not instruct reading arbitrary files or unrelated credentials, nor exfiltrating data to other endpoints. It does reference using Node.js modules as an implementation hint, but also suggests using a built-in HTTP request tool.
Install Mechanism
ok: There is no install spec and no code files; this is instruction-only, so nothing will be written to disk by an installer. That is lower risk and consistent with the skill's content.
Credentials
concern: The SKILL.md requires two secrets (PODCASTINDEX_API_KEY and PODCASTINDEX_API_SECRET), which are appropriate for Podcast Index authentication. The concern is that the skill registry metadata (the top-level requirements shown to users) lists no required env vars; this omission is misleading and could lead a user to install the skill without realizing it requires credentials. The skill also claims primaryEnv in its embedded metadata, further highlighting the discrepancy.
Persistence & Privilege
ok: The skill does not request permanent presence (always: false) and does not request to modify other skills or system-wide settings. Autonomous invocation is allowed (default), but that is normal for skills; nothing here amplifies privilege beyond normal behavior.