Skill v1.0.1
ClawScan security
Docs Lookup · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Mar 10, 2026, 1:01 AM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's behavior (sending user queries to docs.agentutil.net) matches its description, but the SKILL.md makes strong privacy/storage claims and lacks guidance to avoid sending secrets — this inconsistency and the reliance on an external API merit caution.
- Guidance: This skill appears to do what it says (query an external docs API), but you should: (1) verify the service operator (docs.agentutil.net) and read its privacy/retention policy; (2) avoid sending secrets, credentials, or private code/config in queries — the SKILL.md's claim that 'no user data is transmitted' is not enforceable here; (3) test with benign queries first to confirm behavior and response quality; (4) if you must look up sensitive internal docs, prefer an on-prem or vendor-hosted docs source you control; and (5) be cautious about the paid lookup pathway (x402/USDC) — confirm billing and what information is attached to payment requests.
Review Dimensions
- Purpose & Capability (ok): Name/description (search pre-indexed docs) lines up with the runtime instructions: all examples call docs.agentutil.net endpoints for query, lookup, and platforms. No unrelated binaries, env vars, or installs are requested.
- Instruction Scope (concern): Instructions direct the agent to send user queries (free-form text) to an external API. The SKILL.md also asserts 'No documents, file contents, or user data are transmitted' and 'Queries are not stored' — but it does not define what qualifies as 'user data' or instruct the agent to redact secrets/PII before querying. That is a gap: user-provided code snippets or config could contain sensitive data and would be sent to the external service unless explicitly scrubbed.
- Install Mechanism (ok): Instruction-only skill with no install spec and no code files — lowest local footprint; nothing is written to disk by the skill itself.
- Credentials (ok): No environment variables, credentials, or config paths are requested. The skill does not ask for unrelated secrets or system access.
- Persistence & Privilege (ok): always:false and no special privileges requested. The skill can be invoked autonomously by the agent (default), but that is normal and not by itself a red flag.
