Skill v1.0.0

ClawScan security

Paragon MLS Fetch Listings · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Apr 20, 2026, 12:15 PM
Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary
The skill's stated purpose (fetch Paragon MLS listings) is plausible, but the runtime instructions reference a hard-coded developer-local path and include a build script that implies running npm in that path — this mismatch and missing packaged code make the skill incoherent and risky to run as-is.
Guidance
Do not run this skill as-is. The SKILL.md references a node program at an absolute developer path (/home/umbrel/.../dist/index.js) that is not included in the package; that makes the skill incoherent and could lead you to execute unreviewed build steps. Before installing, ask the publisher for: (1) the source repository or packaged release (e.g., GitHub or npm) that contains dist/index.js, (2) a corrected MCP command that does not point to a developer-local absolute path, (3) a clear list of network endpoints contacted and any environment variables or credentials required, and (4) a signed/reproducible install spec (or a vetted release URL). If you must test, inspect the actual index.js source code first, and never run build.sh or npm install from an untrusted source. If the author cannot provide an independent public repo or packaged artifact, treat the skill as untrusted.

Review Dimensions

Purpose & Capability
concern: The skill's purpose (resolve Paragon share GUIDs to listings) justifies requiring Node and network access to MLS CollabLink endpoints. However, the SKILL.md's MCP invocation points to an absolute path under /home/umbrel/.openclaw/workspace/deal-analyst/paragon-mls-mcp/dist/index.js — a developer-local path that is not provided by the package. That path dependency is disproportionate and inconsistent with the skill's registry metadata (no install, no packaged dist).
Instruction Scope
concern: Instructions direct the agent to invoke an MCP tool at a hard-coded local filesystem location. They do not document where that code comes from, what network endpoints it will contact beyond generic 'CollabLink endpoints', or whether any secrets are required. The example shows an mcporter call, which is reasonable, but the agent would attempt to execute a file that is not included in the skill bundle — a scope/operational mismatch.
Install Mechanism
note: There is no formal install spec (lowest execution risk), but a scripts/build.sh is included that changes directory into the same developer-local workspace and runs npm install && npm run build. Because the SKILL.md expects a dist/index.js at that path but the skill doesn't ship it, this implies either that the skill was authored against a developer workstation or that it expects local developer artifacts — a packaging/installation omission that could lead to confusion or accidental execution of arbitrary npm installs if a user runs the script.
Credentials
note: The skill declares no required environment variables or credentials, which matches the absence of secret handling in SKILL.md. However, the runtime code (not provided) may require MLS-specific auth or other secrets; the skill does not declare or justify any such variables. The lack of declared credentials combined with an external code path is an inconsistency to clarify.
Persistence & Privilege
ok: The skill does not request persistent/always presence and does not modify other skills' configuration. It is user-invocable and allows autonomous invocation (platform default), which by itself is expected and not flagged.