Skill v1.0.12

ClawScan security

Poku · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 21, 2026, 12:14 PM
Verdict
benign
Confidence
medium
Model
gpt-5-mini
Summary
The skill's declared purpose (placing calls, sending SMS, reserving numbers) matches its instructions and required credential (POKU_API_KEY); it's an instruction-only skill that uses curl via exec, with one minor metadata/instruction inconsistency to review before use.
Guidance
This skill is coherent with its stated purpose, but review these points before enabling it:
1) Keep your POKU_API_KEY secret. The skill uses it as a Bearer token for API requests; make sure your agent and tooling will not print the raw key.
2) The skill will run curl via the exec tool to contact https://api.pokulabs.com. Confirm you trust that endpoint and that the key's scopes and quotas are appropriate.
3) SKILL.md references an optional POKU_TRANSFER_NUMBER env var that is read automatically if set. If you do not want calls transferred, do not set that variable.
4) Number reservation is irreversible per the docs. The skill asks for explicit user confirmation before reserving, so confirm those prompts are enforced by your agent.
5) Calls can remain open for up to 5 minutes (yieldMs: 300000); be aware of potential cost and privacy implications.
If you are uncomfortable with the agent making outbound calls or sending SMS autonomously, restrict autonomous invocation or require explicit user confirmation for each action.
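Points 1, 2 and 4 above are the ones an agent operator can actually enforce in the exec wrapper. The script below is an added example, not code from the Poku skill or from ClawHub: it takes POKU_API_KEY only from the environment, passes the Authorization header to curl through `-K -` (curl's config-on-stdin option) so the raw key never appears in curl's argv, `ps` output or shell history, prints a masked command line for the user, and gates the irreversible reservation step on a literal "yes". The base URL is the one named in the scan; the /v1/numbers path and the JSON body in the usage comment are placeholders, not documented Poku endpoints.

```shell
#!/bin/sh
# Added example (not part of the Poku skill or ClawHub): exec-tool wrapper
# that keeps POKU_API_KEY out of curl's argv and out of displayed commands.
# /v1/numbers and the request body below are placeholder assumptions.

POKU_API_BASE="${POKU_API_BASE:-https://api.pokulabs.com}"

# Display-safe form of a secret: first 4 characters, then asterisks.
# Values of 8 characters or fewer are fully masked so the prefix cannot
# leak most of a short key.
mask_secret() {
    s="$1"
    if [ "${#s}" -le 8 ]; then
        printf '********\n'
    else
        printf '%s********\n' "$(printf '%s' "$s" | cut -c1-4)"
    fi
}

# Run one API call. The Authorization header is fed through `curl -K -`
# (config read from stdin), so the raw key is never a process argument.
# The masked command line is printed first; with DRY_RUN=1 nothing is sent.
poku_call() {
    method="$1"; path="$2"; body="${3:-}"
    if [ -z "${POKU_API_KEY:-}" ]; then
        echo "poku_call: POKU_API_KEY is not set" >&2
        return 2
    fi
    url="${POKU_API_BASE}${path}"
    shown="curl -sS -X $method $url -H 'Authorization: Bearer $(mask_secret "$POKU_API_KEY")'"
    if [ -n "$body" ]; then shown="$shown -d '$body'"; fi
    printf '%s\n' "$shown"
    if [ "${DRY_RUN:-0}" = 1 ]; then return 0; fi
    set -- -sS -X "$method" "$url"
    if [ -n "$body" ]; then
        set -- "$@" -H 'Content-Type: application/json' -d "$body"
    fi
    printf 'header = "Authorization: Bearer %s"\n' "$POKU_API_KEY" | curl -K - "$@"
}

# Number reservation is irreversible: gate it on a literal "yes" from the
# user. EOF or any other answer refuses, so a non-interactive agent cannot
# fall through to the reservation call.
confirm_irreversible() {
    printf 'Reserve %s? This cannot be undone. Type yes to continue: ' "$1" >&2
    read -r ans || ans=""
    [ "$ans" = "yes" ]
}

# Usage (placeholder path/body; the request is sent only when DRY_RUN is unset):
#   DRY_RUN=1 poku_call GET /v1/numbers
#   confirm_irreversible "+15550000000" && poku_call POST /v1/numbers '{"number":"+15550000000"}'
```

Passing the header through `-K -` rather than `-H "Authorization: Bearer $POKU_API_KEY"` is the part that matters for point 1: an agent that logs the exec command, or any other user on the host running `ps`, sees only the masked line. If the skill's instructions are followed literally with the key interpolated into the curl argument list, masking the transcript alone does not prevent that exposure.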

Review Dimensions

Purpose & Capability
ok
Name/description align with what the skill does. The only required credential is POKU_API_KEY, which is appropriate for calling the Poku API endpoints documented in the references. No unrelated credentials, binaries, or system paths are requested.
Instruction Scope
note
SKILL.md stays on-topic (number resolution, drafting, confirmation, and then making curl POST/GET requests). It explicitly instructs using the exec tool to run curl and to mask the API key in any displayed commands. One instruction references using the agent's 'search tool' for business lookups (an expected agent capability), and the instructions require reading the optional env var POKU_TRANSFER_NUMBER at runtime (see environment_proportionality).
Install Mechanism
ok
No install spec and no code files: instruction-only skill. This is the lowest install risk; nothing will be downloaded or written to disk by the skill itself.
Credentials
note
The skill requires a single primary credential (POKU_API_KEY), which is proportional. However, SKILL.md also references an optional env var POKU_TRANSFER_NUMBER and instructs the agent to read it at runtime; that optional env var is not listed in the registry's required env metadata. Declaring it in the registry metadata as an optional env var would improve coherence.
Persistence & Privilege
ok
Skill is not always-enabled and does not request elevated platform privileges or modification of other skills. Autonomous invocation is allowed (the platform default) but is not combined with other concerning factors.