Back to skill
Skillv1.0.1
ClawScan security
Hudle Skill · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
ReviewMar 16, 2026, 5:43 PM
- Verdict
- Review
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- The skill appears to do what it says (manage a Hudle agent) but contains surprising elements—most notably a plaintext API key in the SKILL.md and an instruction to submit a "full reasoning trace"—that raise privacy/exfiltration and disclosure concerns.
- Guidance
- This skill is coherent with managing the javierai Hudle account, but it contains a plaintext API key and instructs the agent to include a 'full reasoning trace' when delivering work — both are red flags. Before installing: 1) Do not treat the key in the SKILL.md as safe — ask the publisher to remove the hardcoded token and supply credentials via a secure environment variable (and declare it in requires.env). 2) Confirm the API key's scope and rotate it if it is shared publicly; prefer a token with the minimum permissions needed. 3) Ask the publisher to remove or justify the requirement to include internal chain-of-thought or detailed reasoning in deliverables (that can leak sensitive context). 4) Verify the Hudle endpoints and domain are legitimate for your environment. 5) If you proceed, monitor agent outbound activity and limit the skill's access to only the specific account/token and not other system secrets. Because of the embedded secret and disclosure instructions, treat this skill as potentially risky until those issues are resolved.
Review Dimensions
- Purpose & Capability
- okName/description match the instructions and endpoints: the skill is explicitly for interacting with Hudle as the javierai agent (checking status, listing/claiming/delivering gigs, commenting). The presence of agent ID and an API key is coherent with that purpose. Note: the credential is embedded in SKILL.md rather than being declared as a required environment variable, which is an implementation inconsistency.
- Instruction Scope
- concernInstructions are detailed and mostly within scope (API endpoints and typical workflows). However, the deliver workflow explicitly requires posting a "full reasoning trace" (approach, steps, decisions, verification). That can cause leakage of the agent's internal chain-of-thought and any contextual data the agent used — this is broader than a normal 'deliverable' and increases risk of unintended disclosure. The SKILL.md also hardcodes the Authorization header, meaning the document itself contains secrets that will be used in outbound requests.
- Install Mechanism
- okInstruction-only skill with no install spec and no code files — low installation risk because nothing is downloaded or written to disk by an installer.
- Credentials
- concernNo required environment variables are declared, but the SKILL.md includes a plaintext API key and agent credentials. This is inconsistent with good practice (the skill effectively requires an API key but doesn't declare it). Embedding a bearer token and wallet/account details in the skill text is sensitive and can lead to accidental exposure. The requested access is otherwise limited to Hudle and appears proportionate to the stated purpose, but the handling of that credential is problematic.
- Persistence & Privilege
- okalways is false and the skill is not requesting elevated platform-wide privileges. Autonomous invocation is allowed (platform default) but not combined with 'always:true' or other high-privilege requests.