Skill v1.0.0
ClawScan security
Paragon MLS Analyze Deal · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Apr 20, 2026, 12:15 PM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill appears to call a local Node MCP server to run MLS deal analysis and mostly matches its stated purpose, but a few incoherent or risky choices (a hardcoded workspace path, an included build script that runs npm install, and no declared credential requirements for an MLS integration) warrant careful review before use.
- Guidance: Before installing or running this skill:
  1. Inspect the paragon-mls-mcp code at /home/umbrel/.openclaw/workspace/deal-analyst/paragon-mls-mcp (dist/index.js and the source it was built from) to confirm it only does the expected MLS parsing and calculations and does not exfiltrate data or read unrelated files.
  2. Do not run scripts/build.sh until you have reviewed package.json, the lockfile and the dependency tree: npm install runs any preinstall, install, postinstall and prepare scripts declared by the package and by every dependency it pulls in, so arbitrary code executes before you ever invoke the MCP.
  3. Confirm how the MCP authenticates to Paragon MLS. Locate where credentials would live (environment variables, config files, a vault) and make sure they are neither baked into the repository nor sent to endpoints other than the MLS provider.
  4. If you will allow autonomous invocation, keep the skill restricted until you have verified its network endpoints and data flows.
  5. If you are unsure, run the MCP in an isolated environment (a container) and monitor its network activity and file access while testing with non-sensitive data.
Review Dimensions
- Purpose & Capability [note]: The name and description (Paragon MLS deal analysis) align with the declared dependency on node and the MCP invocation. However, the MCP command points to a hardcoded local path (/home/umbrel/.openclaw/workspace/deal-analyst/paragon-mls-mcp/dist/index.js), so the skill relies on code already present in the user's workspace rather than shipping its own artifact. That code is outside the reviewed package, which makes the skill brittle and means its behavior must be verified separately.
- Instruction Scope [note]: SKILL.md instructs the agent to call an MCP tool (paragon-mls.analyze_deal) and shows example mcporter usage; it does not instruct reading arbitrary system files or exfiltrating data. That said, the runtime will execute a Node script in the user's workspace, and that script's behavior (network calls, credential use, file access) is not visible from SKILL.md, so it needs its own review.
- Install Mechanism [note]: There is no formal install spec (lowest risk). A small build script is included (scripts/build.sh) which runs 'npm install' and 'npm run build' in the hardcoded workspace path. If executed, npm install pulls the whole dependency tree and runs the install-time lifecycle scripts (preinstall, install, postinstall, prepare) of the package and of every dependency. Review package.json and the lockfile in the workspace before running the build script, or run the install with --ignore-scripts.
- Credentials [concern]: The skill declares no required environment variables or credentials. A Paragon MLS integration would normally need API keys or user credentials, or at least a note about authentication. The absence of declared credentials is either an omission or a sign that the MCP expects credentials somewhere else (local config files, interactive auth, or baked into the workspace code); this should be clarified and inspected.
- Persistence & Privilege [ok]: The skill is not always-on and is user-invocable; autonomous invocation is allowed (the platform default). It does not request system-wide config changes or elevated persistence, and nothing in the metadata indicates self-enabling or modification of other skills.
