Skillv1.0.0

ClawScan security

apix · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousMar 4, 2026, 4:19 PM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary: The skill's instructions and commands match its stated purpose, but it recommends running a remote install script (curl | sh) from an unverified domain which is a disproportionate installation risk.
Guidance: This skill appears to do what it says, but be careful about the installation recommendation. Prefer installing via Homebrew if available. Do NOT run curl -fsSL https://apix.sh/install | sh unless you have verified the publisher and reviewed the installer script — running remote install scripts executes arbitrary code. Before installing, verify the apix.sh domain ownership (project homepage/repository), inspect the installer script content, or install from a trusted package source. When using apix to call APIs, avoid pasting long-lived secrets into commands in shared shells; prefer using secure token storage or temporary tokens.

Review Dimensions

Purpose & Capability: okName/description (search, browse, execute API endpoints from local markdown vaults) align with the SKILL.md workflow and commands (apix search, peek, show, call, import). The skill does not request unrelated env vars, binaries, or config paths.
Instruction Scope: noteRuntime instructions are focused on using the apix CLI and importing local OpenAPI files. They instruct the agent to run apix commands and to include Authorization headers when calling APIs (expected). They do not direct the agent to read unrelated system files or harvest environment variables, but they do instruct installation steps which can cause further actions (see install_mechanism).
Install Mechanism: concernNo formal install spec in registry, but SKILL.md recommends installing via Homebrew (reasonable) or via an online installer: curl -fsSL https://apix.sh/install | sh. Running a remote installer (curl|sh) from a non-standard domain is a high-risk pattern because it executes code fetched from the network without review. The domain is not a known release host like GitHub Releases.
Credentials: okThe skill declares no required environment variables or credentials. Example usage shows an Authorization header for API calls, which is appropriate for the stated purpose. There is no request for unrelated secrets or broad credential access.
Persistence & Privilege: okFlags: always:false, user-invocable true, model invocation allowed — standard. The skill does not request persistent system-level privileges or modify other skill configs.