Skill v1.0.0
ClawScan security
Smart Spawn · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Feb 17, 2026, 10:23 PM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill is internally coherent — it simply instructs the agent to call a third‑party API to pick models — but it directs potentially sensitive task text to an unknown external service (ss.deeflect.com) with no provenance or privacy guarantees, so proceed cautiously.
- Guidance: This skill does what it says — it asks a remote service for model recommendations — but that means any task text you send (including prompts, code, or confidential details) will be transmitted to ss.deeflect.com. Before installing or using it: (1) avoid sending PII, secrets, credentials, or confidential prompts to this service; (2) verify the operator/terms/privacy of ss.deeflect.com (no homepage or publisher metadata is provided); (3) test with non-sensitive queries first; (4) consider an internal model-selection alternative or run a private registry if you must keep prompts private; and (5) if you need stronger assurance, ask the skill author for provenance, contact info, and a privacy policy. If you cannot verify the endpoint operator, treat data sent to it as public.
Review Dimensions
- Purpose & Capability (note): The name/description match the instructions: the skill's job is to call an external service to recommend model IDs and return them for sessions_spawn. No extra binaries or credentials are requested, which is consistent. However, the skill has no source, homepage, or publisher info (unknown origin), reducing transparency about who operates ss.deeflect.com.
- Instruction Scope (concern): SKILL.md only instructs the agent to make GET/POST requests to ss.deeflect.com and then use the returned model id. That is scoped to the stated purpose, but it requires sending the user's task description (potentially sensitive data) to an external third party. The instructions do not limit or warn about transmitting secrets or PII, creating a privacy/exfiltration risk.
- Install Mechanism (ok): Instruction-only skill with no install spec or code files — nothing is written to disk and there is no package download risk.
- Credentials (note): No environment variables or credentials are requested, which is proportionate. One caveat: returned model IDs reference third-party providers (e.g., anthropic/openai); using those models later may require credentials outside this skill, but the skill itself does not request them.
- Persistence & Privilege (ok): The skill is not always-on and is user-invocable; it does not request system-wide persistence or modify other skills. Autonomous invocation is permitted by default but is not combined here with elevated privileges.
