Skill v1.0.18
ClawScan security
WodeApp AI Engine · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Apr 11, 2026, 5:50 AM
- Verdict: Benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's requirements and runtime instructions are coherent with a multi-modal aggregator platform: it only asks for a single WODEAPP_API_KEY and all instructions are API calls to the described endpoints.
- Guidance: This skill appears internally consistent, but take normal precautions: only provide a WODEAPP_API_KEY you intend to trust with prompt/media forwarding and billing; avoid uploading sensitive/confidential files (uploads are stored on WodeApp CDN and URLs may be semi-public); review WodeApp's privacy/ToS (it states prompts may be forwarded to upstream providers and claims not to persist raw prompts — verify with provider if this is critical); create scoped/limited API keys if possible and rotate/revoke keys after testing; and test with non-sensitive data before production use.
Review Dimensions
- Purpose & Capability (ok): Name/description (multi-modal execution engine) matches the declared capabilities and the tools/endpoints in SKILL.md and wodeapp-ai-skill.json. Requiring only WODEAPP_API_KEY is proportionate for a single-integrator gateway.
- Instruction Scope (ok): SKILL.md instructs the agent to call platform REST/MCP endpoints, create/list/publish projects, and upload files. It explicitly states it does not read local files or other environment variables. No steps request unrelated system artifacts or hidden exfiltration.
- Install Mechanism (ok): No install spec and no code files; this is an instruction-only skill. Low risk because nothing is written to disk or downloaded as part of installation.
- Credentials (ok): Only one required env var (WODEAPP_API_KEY) is declared and used as the primary credential. That aligns with the skill's single-key design. No unrelated secrets or config paths are requested.
- Persistence & Privilege (ok): always is false and the skill is user-invocable; it does not request permanent system presence or modify other skills. Autonomous invocation is allowed by default (platform behaviour) but not combined with other red flags here.
