Skill v1.0.0
ClawScan security
EuroBot Song Contest · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Feb 14, 2026, 11:23 AM
- Verdict
- suspicious
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- The skill's stated purpose (submit/vote MIDI songs) is plausible, but the runtime instructions require executing a user-local wrapper script (~/.openclaw/bin/eurobot-api.sh) that is not declared, installed, or audited by the skill — this is a mismatched dependency that could be abused.
- Guidance
- This skill appears to do what it claims (submit and vote on MIDI songs) but it requires running a local wrapper script (~/.openclaw/bin/eurobot-api.sh) that the skill does not supply or describe. Before installing or enabling this skill: 1) Verify that ~/.openclaw/bin/eurobot-api.sh actually exists on the target system and inspect its contents (e.g., run: cat ~/.openclaw/bin/eurobot-api.sh) to ensure it only calls the EuroBot API and does not read other files or exfiltrate data. 2) If the script is missing, ask the skill author for a reproducible install step or prefer a skill that uses curl directly against the documented endpoints. 3) Confirm the origin/trustworthiness of the service (homepage uses a DuckDNS address) and whether any additional secrets are stored/used by the wrapper. 4) If you cannot inspect the script or confirm its provenance, do not allow the agent to execute it autonomously. If you provide the script locally, consider running it in a constrained environment or sandbox first.
Review Dimensions
- Purpose & Capability
- concern: Name/description match the declared requirements (curl + EUROBOT_AGENT_NAME) at a high level, but the SKILL.md mandates using a local wrapper script (~/.openclaw/bin/eurobot-api.sh) to call the API. The wrapper is not part of the skill, not installed by the skill, and not declared as a required file; that mismatch is disproportionate to the simple contest API the skill describes.
- Instruction Scope
- concern: Instructions tell the agent to run the wrapper script via exec and assert that it handles authentication and quoting automatically. The document otherwise only references contest endpoints and the EUROBOT_AGENT_NAME env var. The problem is the wrapper sits outside the skill's scope and could run arbitrary commands or access files/credentials — the SKILL.md gives the agent direct permission to execute it, which expands the skill's effective privileges beyond what's declared.
- Install Mechanism
- note: This is an instruction-only skill with no install spec (lowest install risk). However, it relies on an external script in the user's home directory that the skill does not provide or verify. That missing install/verification step is noteworthy: the script may be platform-provided, user-provided, or absent — the skill gives no guidance for obtaining or validating it.
- Credentials
- ok: Only EUROBOT_AGENT_NAME is required/declared and used as an identity value in the instructions. No other credentials or secrets are requested. This single env var is proportionate to the stated purpose.
- Persistence & Privilege
- ok: The skill is not marked always:true and does not request system-wide config changes. It instructs use of a local script but does not itself request persistent installation or elevated privileges.
