Skill v1.1.0

ClawScan security

Echo AI · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Feb 20, 2026, 2:18 AM
Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary
The skill's behavior (it requires and uses an ECHO_API_KEY) matches its description, but the registry metadata omits the required credential and primary credential declaration — an inconsistency you should verify before installing.
Guidance
This skill appears to do only what it claims (call Echo AI endpoints), but the package metadata failed to declare the API key the instructions require. Before installing: (1) confirm you are comfortable setting ECHO_API_KEY in your environment and that you will use an assistant-scoped or least-privilege key rather than a broad workspace key; (2) verify the endpoint host (auth.echoai.so) is legitimate for the service you expect; (3) test with a low-privilege or throwaway API key to observe behavior; (4) be aware chat calls consume the Echo owner's credits and the skill asks for explicit confirmation — keep that behavior; (5) if you need guarantees, ask the publisher to update the registry metadata to list ECHO_API_KEY as a required/primary credential so the platform can surface the permission request properly.

Review Dimensions

Purpose & Capability
note: Name/description match the instructions: listing assistants, retrieving knowledge bases, and chatting with Echo AI via auth.echoai.so. Requiring an API key is appropriate for this purpose, but the registry metadata does not declare the API key or any primary credential — an inconsistency between declared requirements and the actual instructions.
Instruction Scope
ok: SKILL.md limits actions to GET/POST calls to the Echo API (listing assistants, retrieving assistant details, posting chat messages). It instructs the agent to prefer local FAQs (zero-cost) and to ask for user confirmation before chat calls. It does not direct the agent to read unrelated files or contact other endpoints.
Install Mechanism
ok: This is an instruction-only skill with no install spec or code to download — low install risk. README suggests copying files into the user skills folder and toggling openclaw.json, which is a normal local configuration step.
Credentials
concern: The runtime instructions require setting ECHO_API_KEY, but the skill metadata lists no required environment variables or primary credential. That mismatch can lead to confusing permission/secret handling. The single API key request itself is proportionate to the service, but the omission from metadata is a red flag to verify.
Persistence & Privilege
ok: The skill does not request always-on presence and does not declare system-wide privileges. The README asks users to enable the skill in OpenClaw config (normal). The only persistence-like behavior is advising to save session_id between chat calls, which is expected for conversational continuity.