Back to skill
Skillv1.0.0
ClawScan security
DeepLink Agentic · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
SuspiciousApr 7, 2026, 3:31 AM
- Verdict
- suspicious
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill is largely consistent with a real-estate research agent that forwards tasks and uploaded files to agentic.dichanai.com, but it has a few worrisome inconsistencies and a concrete risk of credential exposure (it prints renewed tokens), so proceed with caution.
- Guidance
- This skill appears to do what it says: it is a Python CLI that forwards tasks and uploaded files to agentic.dichanai.com and requires a single AGENTIC_TOKEN. Before installing, consider: 1) Trust the remote service (agentic.dichanai.com) — any files you upload or prompts you send will be transmitted to that host. 2) The CLI auto-renews tokens and prints NEW_TOKEN to stdout; ensure your agent or user-facing outputs will not disclose that printed token (use ephemeral tokens, restrict logs, or avoid running token-renew on a public channel). 3) Confirm what 'uv' install means in your platform and whether the package installation is performed from a trusted source. 4) Avoid uploading highly sensitive files (PII, private keys) unless you fully trust the endpoint and its data retention policies. 5) Note small inconsistencies (version string mismatch in SKILL.md vs metadata, script contains a name typo) — these suggest limited quality control; review the script source yourself or ask the publisher for clarifications. If you need lower risk, request a version that does not print tokens to stdout and that documents the installer provenance (pip/requirements).
Review Dimensions
- Purpose & Capability
- okName/description, required binary (python3), required env var (AGENTIC_TOKEN), and the CLI code all align: the skill implements a client for agentic.dichanai.com to create/monitor/download research tasks. Requiring a token and python is proportionate to the described functionality.
- Instruction Scope
- concernSKILL.md explicitly instructs the agent to send user instructions and any uploaded reference files to agentic.dichanai.com — this is coherent with the service but is a privacy surface the user must accept. The SKILL.md asks the AI to check token state and to avoid leaking tokens, however the implementation prints renewed tokens to stdout which could be captured and leaked by the agent or logged — this is a concrete instruction-scope risk (sensitive data exposure).
- Install Mechanism
- noteDeclared install is a single package 'requests' (reasonable for a Python CLI). The metadata uses 'kind: uv' which is nonstandard/odd (not a well-known installer label like pip/brew); this is a minor inconsistency to verify with the platform but not inherently malicious.
- Credentials
- concernOnly AGENTIC_TOKEN is requested as the primary credential which matches the skill's remote API usage. The concern is proportionality of how the token is handled: the CLI will automatically renew tokens and prints NEW_TOKEN to stdout for the operator to copy — this increases the chance a token is exposed to users, logs, or the agent's outgoing messages.
- Persistence & Privilege
- okalways is false and there is no evidence the skill requests permanent platform-wide privileges or modifies other skills' configurations. Autonomous invocation remains enabled (platform default) but is not combined with other high-privilege indicators.