Skill v1.0.0
ClawScan security
Paragon MLS Raw Listings · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Apr 20, 2026, 12:16 PM
- Verdict
- suspicious
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- The skill's description (fetch raw Paragon MLS JSON) is plausible, but its instructions expect and operate on a specific local workspace path and ship a build script that runs npm install. That behavior is surprising and is not justified by the declared metadata.
- Guidance
- This skill is suspicious because it expects a specific local project layout and includes a build script that runs npm install in your home/workspace. Before installing or running it:
  1. Inspect the paragon-mls-mcp project at /home/umbrel/.openclaw/workspace/deal-analyst/paragon-mls-mcp (especially package.json and the built dist/index.js) and make sure you trust every dependency it pulls in.
  2. Do not run scripts/build.sh unless you are prepared to let npm fetch packages from the network and modify your workspace; prefer running it in a disposable sandbox or container.
  3. Confirm that you actually have mcporter and the expected local MCP code; the skill does not declare mcporter as a required binary.
  4. Ask the publisher for source code or hosting details (homepage and source are missing) and for explicit documentation of where credentials and configuration come from.
  If you cannot verify these points, do not install or run the skill.
Review Dimensions
- Purpose & Capability
- concern · The skill claims to fetch raw Paragon MLS payloads, but its metadata points to an absolute local path (/home/umbrel/.openclaw/workspace/deal-analyst/paragon-mls-mcp/dist/index.js). That implies it requires a pre-existing local project rather than calling an MLS API directly, which is not what the public description suggests. The SKILL.md also references mcporter, yet mcporter is not declared as a required binary.
- Instruction Scope
- concern · The runtime instructions direct the agent to call an MCP tool via mcporter and reference a specific file in the user's home/workspace; they effectively assume access to local code and configuration. The bundled build script (scripts/build.sh) runs npm install and npm run build in that workspace, which fetches packages from the network and modifies the user's filesystem. These actions go well beyond "fetching raw listings" and depend on local state the skill never describes.
- Install Mechanism
- concern · There is no formal install spec, but the repository includes scripts/build.sh, which executes npm install and npm run build in a user-local path. Whenever that script is run, npm will fetch and install whatever packages package.json names, including any install-time lifecycle scripts those packages define. Doing this without explicit user consent or sandboxing is high-risk behavior.
- Credentials
- note · No environment variables or credentials are declared, which at face value is proportional. However, because the skill targets a local workspace, it may implicitly rely on configuration or credentials stored elsewhere (for example in that project's config or a system credential store). Those implicit dependencies are not documented.
- Persistence & Privilege
- note · always:false and no special privileges are declared, which is appropriate. Still, the bundled build script alters the user's workspace (installing node_modules and writing build output), so the skill can make persistent changes to disk even though it requests no elevated platform privileges.
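The Guidance and Install Mechanism items above amount to a pre-install audit: look at package.json and the build script before letting npm install run anywhere you care about. The script below is an added example of how to do that audit offline; it is not ClawHub's scanner and not the skill's own code. It flags the two things that turn an npm install into arbitrary code execution (install-time lifecycle hooks and dependencies resolved outside the registry), scans a build script for unreviewed execution paths, and checks whether undeclared binaries such as mcporter are actually present. The package.json and build.sh contents are constructed samples; the real files live under the skill's project directory and will differ.

```python
"""Pre-install audit for a skill that bundles a Node project and a build script.

Added example for this review; not ClawHub's scanner and not the skill's own
code. The package.json and build.sh samples below are constructed so the audit
runs offline. Point the functions at the real files before trusting a result.
"""
import json
import re
import shutil

# Scripts npm runs automatically during `npm install`; each one is arbitrary
# code execution before you have inspected anything.
INSTALL_HOOKS = ("preinstall", "install", "postinstall", "prepare", "prepublish")

# Version specs that bypass the registry and its provenance: git URLs, tarball
# URLs, local paths, or GitHub "owner/repo" shorthand.
NON_REGISTRY_SPEC = re.compile(r"^(git\+|git:|github:|https?://|file:|[\w.-]+/[\w.-]+$)")


def audit_package_json(text):
    """Return install-time hooks and off-registry dependencies found in package.json."""
    pkg = json.loads(text)
    scripts = pkg.get("scripts", {})
    hooks = {name: cmd for name, cmd in scripts.items() if name in INSTALL_HOOKS}
    deps = {}
    for section in ("dependencies", "devDependencies", "optionalDependencies"):
        deps.update(pkg.get(section, {}))
    off_registry = {n: spec for n, spec in deps.items() if NON_REGISTRY_SPEC.match(spec)}
    return {"install_hooks": hooks, "dependency_count": len(deps), "off_registry": off_registry}


def audit_build_script(text):
    """Flag lines (1-based) of a shell build script that execute code you have not reviewed."""
    findings = {"install_runs_scripts": [], "pipes_to_shell": [], "sudo": []}
    for lineno, line in enumerate(text.splitlines(), 1):
        s = line.strip()
        if not s or s.startswith("#"):
            continue
        # npm/pnpm/yarn install without --ignore-scripts will run INSTALL_HOOKS of every package.
        if re.search(r"\b(npm|pnpm|yarn)\s+(install|ci|i)\b", s) and "--ignore-scripts" not in s:
            findings["install_runs_scripts"].append(lineno)
        # curl/wget piped straight into a shell: remote code you cannot pin or review.
        if re.search(r"\b(curl|wget)\b.*\|\s*(sudo\s+)?(ba)?sh\b", s):
            findings["pipes_to_shell"].append(lineno)
        if re.search(r"\bsudo\b", s):
            findings["sudo"].append(lineno)
    return findings


def missing_binaries(names):
    """Binaries the skill's instructions assume but do not declare (e.g. mcporter)."""
    return [n for n in names if shutil.which(n) is None]


def safe_to_build_outside_sandbox(pkg_findings, build_findings):
    """Conservative gate: any install hook, off-registry dependency, or unreviewed
    execution path in the build script means run scripts/build.sh only in a
    disposable container."""
    return not (pkg_findings["install_hooks"] or pkg_findings["off_registry"]
                or any(build_findings.values()))


# Constructed sample; dependency names and the postinstall hook are hypothetical.
SAMPLE_PACKAGE_JSON = """{
  "name": "paragon-mls-mcp",
  "scripts": {
    "build": "tsc -p .",
    "postinstall": "node scripts/fetch-schema.js"
  },
  "dependencies": {
    "example-mcp-sdk": "^1.2.0",
    "example-http-client": "~6.0.1",
    "mls-helpers": "git+https://example.invalid/mls-helpers.git"
  },
  "devDependencies": {"typescript": "^5.4.0"}
}"""

# Constructed sample reproducing what the review describes: npm install, then npm run build.
SAMPLE_BUILD_SH = """#!/usr/bin/env bash
set -euo pipefail
cd "$(dirname "$0")/.."
npm install
npm run build
"""

if __name__ == "__main__":
    pkg = audit_package_json(SAMPLE_PACKAGE_JSON)
    build = audit_build_script(SAMPLE_BUILD_SH)
    print("install-time hooks:", pkg["install_hooks"])
    print("off-registry dependencies:", pkg["off_registry"])
    print("build.sh lines installing with scripts enabled:", build["install_runs_scripts"])
    print("undeclared binaries not on PATH:", missing_binaries(["mcporter"]))
    print("safe to build outside a sandbox:", safe_to_build_outside_sandbox(pkg, build))
```

On the constructed sample the gate returns False: the postinstall hook and the git-sourced dependency both execute or fetch code that no lockfile pins, and build.sh installs with lifecycle scripts enabled. If the real project is clean on all three counts, the remaining risk is the dependencies themselves, which this script does not vet; running the build with npm ci --ignore-scripts inside a throwaway container still limits what an unexpected package can do to your workspace.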
