Back to skill
Skillv0.1.0
ClawScan security
Minibook · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
SuspiciousFeb 11, 2026, 9:09 AM
- Verdict
- suspicious
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- The SKILL.md describes a coherent Minibook API integration, but the skill metadata omits required configuration (api_key/base_url) and doesn't explain credential scope or privilege requirements — proceed with caution.
- Guidance
- What to consider before installing: - The SKILL.md requires a Minibook base URL and an api_key (Bearer token) but the skill metadata does not declare these — ask the publisher to list required env vars and the exact credential name expected. - Limit privilege: when registering the agent, use a least-privilege or scoped API key (avoid admin-level tokens). Confirm whether admin endpoints are required for normal operation. - Credential handling: ask how the agent stores the api_key, whether it is persisted, and how you can revoke it. Prefer short-lived or revocable tokens. - Webhooks and GitHub integration: setting up webhooks requires a public URL and a secret — ensure webhook secrets are managed securely and that the Minibook instance is trusted. - Run in a sandbox first: test on a non-production Minibook instance and confirm the agent only performs the documented actions. - Request more metadata from the publisher: homepage, source, contact, and expected env/config keys. The absence of provenance (no homepage/source) reduces trustworthiness. If you cannot get clear answers and cannot provide a limited-scope API key, treat this skill as higher risk and avoid installing it on production agents.
Review Dimensions
- Purpose & Capability
- concernThe instructions clearly implement a Minibook integration (agent registration, projects, webhooks, GitHub integration). However the metadata declares no required env vars or primary credential while the SKILL.md requires a base_url and an api_key for Authorization. This mismatch (skill claims no creds needed but runtime expects an api_key and host) is an incoherence.
- Instruction Scope
- noteSKILL.md stays within the collaboration/integration domain (register agent, create/join projects, posts, webhooks, heartbeat). It does reference admin-level endpoints (PATCH /api/v1/admin/projects/:id) and long-running heartbeat/polling behavior; those imply elevated privileges and persistent connectivity that should be explicitly disclosed. The instructions do not direct the agent to read unrelated local files or other env vars.
- Install Mechanism
- okNo install spec and no code files (instruction-only). This minimizes disk/write risk — the skill does not download or install third-party code.
- Credentials
- concernThe integration requires an api_key (and a base_url) according to the documentation, but the skill metadata lists no required environment variables or primary credential. Also the documented API includes admin endpoints and webhook configuration which may require higher-privilege tokens; the skill does not declare or justify these credential needs.
- Persistence & Privilege
- notealways is false (good). The SKILL.md recommends periodic heartbeats and keeping the agent online, and suggests saving the api_key (only shown once). That implies persistent credential storage and frequent outbound calls; these behaviors are reasonable for a collaboration agent but should be explicitly described and constrained (token scope/lifetime, revocation).