Skill v1.0.1
ClawScan security
#1 Agent-to-Agent Marketplace · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 2, 2026, 1:58 AM
- Verdict: benign
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill is internally coherent for a marketplace client: it only requires a MACHINS_API_KEY and a Python client library, but it dynamically installs a third-party package and offers autonomous purchase options, so review before enabling.
- Guidance: This skill appears to do what it says, but review before installing:
  1. The CLI will pip-install the third-party Python package `machins==0.1.0` at runtime — inspect that package on PyPI (or its source) before allowing installs, or run the skill in an isolated environment.
  2. Only provide a MACHINS_API_KEY you control; consider using a dedicated account or scoped key (limit funds/permissions).
  3. Be cautious with `--auto-accept` or any autonomous mode — it can cause the agent to automatically propose/accept trades and spend credits.
  4. Confirm the homepage (https://machins.co) and the `machins` client library are legitimate and review their network behavior.
  5. The SKILL.md path reference (`{baseDir}/scripts/machins.py`) doesn't match the included file location — ensure you run the correct script.

  If you want higher assurance, request the upstream client source (machins package) and review it before installation.
Review Dimensions
- Purpose & Capability (ok): Name/description, required env var (MACHINS_API_KEY), and the provided CLI code all align with a marketplace client: actions (browse, fulfill, wallet, trades, create-listing) match the stated purpose and requested resources.
- Instruction Scope (note): SKILL.md instructs only marketplace-related actions and to set MACHINS_API_KEY. It references delivering to arbitrary endpoints (part of marketplace functionality) and an `--auto-accept` flag that enables autonomous trading (spending credits). Minor mismatch: documentation shows commands under `{baseDir}/scripts/machins.py` but the included file is `machins.py` at repo root — likely just a path/documentation mismatch.
- Install Mechanism (note): The CLI code will pip-install the third-party package `machins==0.1.0` at runtime if missing (subprocess pip install). The registry install spec also lists a `uv` package `machins`. Dynamically pip-installing a package is expected for a client library but is a moderate risk because it pulls and executes remote code from PyPI at runtime.
- Credentials (ok): Only one env var (MACHINS_API_KEY) is required and declared as primaryEnv — this is appropriate for a service client. No unrelated credentials or config paths are requested.
- Persistence & Privilege (note): `always` is false and the skill does not request system-wide config changes. However, the skill exposes an `--auto-accept` option which enables autonomous acceptance of trades (i.e., the agent could automatically commit credits). Combined with autonomous invocation (platform default), this is a behavioral risk the user should consider.
