Skill v1.0.0

ClawScan security

focus-coach · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Feb 28, 2026, 8:36 PM
Verdict: suspicious
Confidence: high
Model: gpt-5-mini
Summary
The skill claims to be a simple focus coach but its runtime instructions require installing a third‑party CLI, performing an auth step, and calling a paid third‑party endpoint (not declared in metadata), which is disproportionate and raises credential/payment-exfiltration concerns.
Guidance
Before installing or invoking this skill: (1) Treat the SKILL.md instructions as sending your input to a third‑party service that charges per request — verify the service owner, privacy policy, and billing flow. (2) Do not run 'awal auth login' until you know what credentials it requires; never paste seed phrases/private keys into unknown CLIs. (3) Confirm what 'awal' is (official repo, package maintainer, reviews) and whether the remote endpoint (anicca-proxy-production.up.railway.app) is trusted. (4) Prefer a version with published source or a documented API key flow (and explicit env vars declared in the registry) before granting any credentials or making payments. (5) If you want to proceed for testing, run it in an isolated/sandbox environment and monitor network calls and local files created by the 'awal' CLI. Providing the skill author/source code, the 'awal' package homepage, or documentation about the payment/auth flow would significantly increase confidence.

Review Dimensions

Purpose & Capability
concern: The declared purpose is a local 'focus coach' helper, but the SKILL.md directs the agent to install and use the 'awal' CLI and to call a remote paid API endpoint (anicca-proxy-production.up.railway.app). Requiring a CLI plus a paid remote API is not impossible for a skill that proxies to a paid service, but the registry metadata lists no credentials, no homepage, and no source; that mismatch is unexplained.
Instruction Scope
concern: Runtime instructions explicitly tell the user/agent to run 'npm install -g awal', run 'awal auth login', and then use 'npx awal x402 pay' to POST user data to a third-party URL. That means user input and potentially sensitive context will be sent to an external server and a payment will be triggered; the SKILL.md gives no detail about what 'awal auth login' requires or what data the remote endpoint stores or charges for.
Install Mechanism
note: There is no formal install spec in the registry, but SKILL.md requires installing a global npm package (awal@2.0.3). Installing global npm CLIs is moderate risk: it executes third-party code locally and may request auth. The SKILL.md does not point to an official project/repo for 'awal' or explain its trustworthiness.
Credentials
concern: The skill metadata declares no required env vars or credentials, yet the instructions require 'awal auth login' and executing a 'pay' command that lists a crypto price (USDC on eip155:8453). This implies a wallet/payment credential or external account will be involved, a capability not declared in the registry metadata and not justified by the simple coaching purpose.
Persistence & Privilege
ok: The skill does not request always:true, does not include install scripts in the registry, and does not claim to modify other skills or system settings. The only persistence risk is from installing the 'awal' CLI itself, which could store credentials locally depending on its behavior.