Skill v1.0.0
ClawScan security
Waze · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Mar 7, 2026, 3:47 AM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's stated purpose (generate Waze deep links) matches most instructions, but the runtime instructions ask the agent to read workspace profile files and call an external service (Tavily) without declaring those accesses or credentials — this is a privacy/scope mismatch the user should review before installing.
- Guidance: This skill appears to do what it says (create Waze deep links), but before installing ask the publisher to clarify two things: (1) how the skill will obtain the user's city — it currently tells the agent to read USER.md/SOUL.md (workspace files), which could expose personal data; (2) what 'Tavily' is and how the skill will call it (is it an internal service, does it require an API key, where do queries go?). If you install, consider limiting the skill to user-invoked only (disable automatic insertion into briefings) or require an explicit confirmation before it reads any workspace files or calendar events. If you can't verify Tavily's trustworthiness or the skill's file/calendar access behavior, avoid installing or enable strict review/permissions first.
Review Dimensions
- Purpose & Capability (note): Name/description (Waze link generation) aligns with the instructions to build Waze deep links and prefer URL-encoded addresses. The use of geolocation lookup for vague destinations is reasonable for the stated feature.
- Instruction Scope (concern): SKILL.md directs the agent to read workspace files (USER.md, SOUL.md or other profile files) to discover the user's city and to automatically insert links into briefings when calendar events have locations. Those file- and calendar-access instructions are broader than the declared skill metadata (which lists no required config paths or calendar access) and could expose personal data if the agent reads arbitrary workspace files or calendar content without explicit permission. The doc also instructs using an external search ('Use Tavily') but provides no detail about how to call it or any declared credentials.
- Install Mechanism (ok): Instruction-only skill with no install spec and no code files — minimal installation risk (nothing written to disk by an installer).
- Credentials (concern): The skill requests no environment variables, but the runtime steps implicitly require access to user workspace files and calendar/briefing content and instruct calls to an external service (Tavily). Those accesses are not documented in the declared requirements (no config paths, no primary credential), creating a mismatch between requested data and declared permissions.
- Persistence & Privilege (note): always:false (good). The skill is permitted to be invoked autonomously (platform default). It instructs automatic inclusion of links in morning briefings when events have locations — this is functionally persistent within briefing generation but does not request system-wide privileges. Consider whether you want this behavior enabled by default in briefings.
