Skill v1.1.0
ClawScan security
PopUp Referrals · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Feb 17, 2026, 10:13 PM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill is internally consistent: it only requests a single PopUp API key and its instructions describe read-only calls to the PopUp referrals endpoint with no installs or other secrets requested.
- Guidance: This skill appears coherent and minimal: it needs only your PopUp API key to fetch referral data. Before installing, confirm the POPUP_API_KEY you provide is an organizer-scoped, read-only key if PopUp supports scoping; avoid supplying a broad production key if a narrower key is possible. Remember that the SKILL.md's 'read-only' claim is informational — the platform/agent enforces actual behavior. If you are worried about autonomous agents making other API calls, do not enable autonomous invocation for this skill or do not provide the API key. Also keep your POPUP_API_KEY secret and rotate it if it is ever exposed.
Review Dimensions
- Purpose & Capability (ok): Name/description match the declared requirements: the skill needs a POPUP_API_KEY and documents calling the PopUp referrals API to retrieve referral code, earnings, and referred vendor status. There are no unrelated env vars, binaries, or install artifacts.
- Instruction Scope (ok): SKILL.md limits behavior to GET /referrals against the documented base URL using the POPUP_API_KEY Bearer token. It does not instruct reading other files, scanning system state, or sending data to third-party endpoints beyond usepopup.com. Note: the claim that the skill is 'read-only' is descriptive; there is no enforcement mechanism in an instruction-only skill, so the agent/platform must ensure calls remain read-only.
- Install Mechanism (ok): No install spec and no code files — instruction-only — so nothing is downloaded or written to disk by the skill itself. This is the lowest-risk install profile.
- Credentials (ok): Only a single credential (POPUP_API_KEY) is required and declared as the primaryEnv. That is proportionate to the stated purpose of calling a protected referral endpoint. No unrelated secrets or config paths are requested.
- Persistence & Privilege (ok): 'always' is false and there is no installation behavior that persists or modifies other skills or system-wide settings. Autonomous model invocation remains enabled by default (normal), but this skill does not request elevated persistence.
