Skill v0.1.3

ClawScan security

Pinecone Search · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Apr 2, 2026, 6:05 AM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill largely does what it claims (upload files, embed text, search Pinecone) but there are inconsistencies in the published metadata vs. the runtime instructions/code and some privacy-relevant behavior you should be aware of.
Guidance
This skill appears to implement Pinecone uploads and search as described, but take these precautions before installing or using it:
- The runtime requires PINECONE_API_KEY, EMBEDDING_API_KEY and EMBEDDING_BASE_URL (the registry metadata omitted these) — set and protect these keys carefully.
- The tool records and returns absolute file paths (the 'source' field) and other metadata in JSON and stores them in Pinecone metadata; review whether you want full paths and file-level metadata indexed or returned to callers.
- Ensure EMBEDDING_BASE_URL points to a trusted embedding provider (e.g., OpenAI). If you set this to an untrusted endpoint it will receive file contents and your EMBEDDING_API_KEY.
- Use the provided --dry-run option first to preview which files and how many chunks will be processed before uploading anything.
- Consider running the tool in an isolated environment (or with least-privilege keys) and inspect the code (pinecone_tool.py, upload.py, search.py) yourself if you have sensitive documents.
- If you need the skill listed in a registry, ask the publisher to correct the registry metadata so required environment variables and secrets are clearly declared.

If you want, I can point out the exact lines that send file paths/metadata to Pinecone and where the embedding base URL and keys are used so you can audit or modify them.

Review Dimensions

Purpose & Capability
note: The skill's name/description (Pinecone vector search & upload) matches the code and SKILL.md: it reads local TXT/Markdown files, splits them, requests embeddings, and uploads vectors to Pinecone. However, the registry metadata (top-level 'Required env vars: none' and 'Primary credential: none') contradicts the SKILL.md and code, which require PINECONE_API_KEY, EMBEDDING_API_KEY and EMBEDDING_BASE_URL. This mismatch is unexpected and could cause confusion or misconfiguration.
Instruction Scope
concern: SKILL.md and the code direct the skill to read arbitrary local files and directories (the files you ask it to upload). The code attaches metadata including absolute file system paths ('source') and token counts and returns them in JSON and stores them as Pinecone metadata. That behavior is coherent with indexing but can leak full paths and document metadata back to any consumer of the skill's JSON output (or into Pinecone). The instructions do not attempt to read unrelated system files, but the inclusion of absolute paths in metadata is a privacy concern and should be reviewed.
Install Mechanism
ok: No binary downloads or remote install scripts are used; installation is the typical 'pip install -r requirements.txt' plus copying a .env. Requirements are standard libraries for this use case (openai, pinecone, tiktoken, etc.).
Credentials
concern: The SKILL.md and code require PINECONE_API_KEY, EMBEDDING_API_KEY, and EMBEDDING_BASE_URL (plus optional EMBEDDING_MODEL, INDEX_NAME, NAMESPACE). These are appropriate for embedding+Pinecone operations. The concern is the manifest/registry metadata claiming 'no required env vars' while the runtime clearly needs secrets — an inconsistency that could mislead users. Also note EMBEDDING_BASE_URL is user-controlled; pointing it to an untrusted endpoint would send text/metadata (and keys) there.
Persistence & Privilege
ok: The skill does not request 'always: true' and does not modify other skills or global agent settings. It behaves like a normal local CLI/tool invoked by the user. It will, however, upload data to external services (embedding provider and Pinecone) when used.