Skillv0.1.0

ClawScan security

ManyChat CLI · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

SuspiciousMar 6, 2026, 3:57 PM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary: The skill appears to implement a ManyChat CLI that only needs a ManyChat API key, but registry metadata and runtime instructions are inconsistent and the SKILL.md uses hard-coded user paths which don't match a clean package — review before installing.
Guidance: This skill's code matches its stated purpose (it calls ManyChat endpoints and expects MANYCHAT_API_KEY), but the registry metadata fails to declare the required environment variable and the docs use hard-coded user paths. Before installing: 1) don't expose a ManyChat API key unless you trust the skill — prefer a scoped key; 2) ask the publisher to update registry metadata to declare MANYCHAT_API_KEY and MANYCHAT_BASE_URL so permission prompts are accurate; 3) inspect or run the included manychat_cli.py locally in a safe environment to confirm it only talks to api.manychat.com (or an expected base URL); 4) modify the SKILL.md/examples to avoid absolute paths (use relative or configurable paths) or ensure files are installed to the indicated location; 5) if you allow autonomous invocation, be aware the agent can call the CLI and perform actions on your ManyChat account — limit the API key's permissions and monitor activity. If the publisher cannot explain the metadata/path inconsistencies, treat the package as untrusted.

Purpose & Capability: concernThe code and README clearly implement a ManyChat CLI that legitimately requires a MANYCHAT_API_KEY and optionally MANYCHAT_BASE_URL. However, the registry metadata lists no required environment variables or primary credential, which is inconsistent with the declared purpose.
Instruction Scope: concernSKILL.md and examples instruct the agent to cd to and execute files at absolute paths (e.g. /Users/danielfoch/manychat-cli/manychat_cli.py and sample_playbook.json). That ties the skill to a specific local filesystem layout and directs the agent to read and execute local files — this is unexpected for a distributable skill and may cause unintended local file access or failure.
Install Mechanism: okThere is no install spec (instruction-only), and bundled source files are provided. No external downloads, package registries, or archive extraction are used, which limits install-time risk.
Credentials: concernThe implementation legitimately needs a single ManyChat API key and optional base URL. That is proportionate. The problem is metadata did not declare these required env vars, so automated permission checks or prompts may not surface the credential requirement to the user.
Persistence & Privilege: okalways:false and defaults for invocation are used. The skill does network calls only to the ManyChat API and doesn't request elevated platform privileges or modify other skills' configs.