Skill v1.0.6

ClawScan security

Dlazy Audio Generate · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Apr 29, 2026, 2:34 AM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill appears to do what it claims (drive the dlazy CLI for audio/TTS), but there are inconsistencies around declared installation/credentials and the agent's runtime actions could upload local files — review before installing or giving it credentials.
Guidance
This skill is a thin wrapper around a third‑party CLI (dlazy). Before installing or enabling it:
1) Confirm you trust dLazy and review the @dlazy/cli repository and the pinned npm version (1.0.8).
2) Understand that using the skill will send prompts and any local media file paths you provide to dlazy's servers (api.dlazy.com / oss.dlazy.com) — do not pass sensitive files.
3) The skill needs a dLazy API key (can be set via `dlazy auth set` or DLAZY_API_KEY), but the registry metadata does not declare this credential — treat that as a red flag and avoid supplying keys until you verify the repo and policies.
4) Prefer using npx for one-off runs if you don't want a global binary installed.
5) If you enable autonomous invocation, require explicit user consent before the agent runs commands that may upload files or use your API key.

Review Dimensions

Purpose & Capability
ok: Name/description match the runtime instructions: the skill is a thin client that runs the dlazy CLI to call dLazy audio/TTS endpoints. Declared required binaries (npm, npx) are reasonable for the npx/install options, and the listed API endpoints (api.dlazy.com, oss.dlazy.com) align with the stated purpose.
Instruction Scope
note: SKILL.md instructs the agent to choose a dlazy model, run `dlazy <model> -h` and then execute the command. That is within scope, but runtime behavior includes uploading any local media file paths you pass (to oss.dlazy.com). The agent instructions also mandate specific user-facing flows on insufficient balance / unauthorized errors. There is no instruction to read unrelated system files, but operators should be aware that passing local file paths will cause uploads to a remote host.
Install Mechanism
note: The skill is instruction-only (no install spec in registry), which is low-risk. However, SKILL.md/metadata includes explicit install commands (`npm install -g @dlazy/cli@1.0.8` and the npx alternative). Those are downloads from the public npm registry — expected for using a CLI, but you should review the referenced package and pinned version on GitHub/NPM before installing. The install source is a known registry (npm), not an arbitrary URL.
Credentials
concern: The Authentication section requires a dLazy API key (and mentions the DLAZY_API_KEY env var or CLI-stored config at ~/.dlazy/config.json), but the skill metadata/registry lists no required environment variables or primary credential. This is an inconsistency: the skill effectively needs a secret (API key) to function, but it is not declared as a required credential. Users should not provide keys without understanding where they are stored and how the agent will use them.
Persistence & Privilege
ok: The skill does not request 'always: true' or any unusual persistent privileges. It references the user's CLI config location (~/.dlazy/config.json) but does not request or claim to modify other skills or system-wide settings. Autonomous invocation is allowed (default) — combine that with the credential note above when deciding to enable the skill.