Skill v1.0.0
ClawScan security
Synology DSM · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Review: Mar 5, 2026, 8:41 AM
- Verdict: Review
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's instructions match the described Synology DSM functionality, but the registry metadata omits required environment variables and required binaries (curl/jq), which is an incoherence you should resolve before trusting it with credentials.
- Guidance: This skill appears to do what it says (talk to a Synology DSM API) and uses expected parameters, but the package metadata does not declare the environment variables or required binaries shown in SKILL.md. Before installing or providing credentials:
  1. Verify the skill source and inspect SKILL.md yourself (you already have it).
  2. Prefer creating a dedicated DSM account with minimal permissions for the skill (not your admin account).
  3. Use HTTPS (port 5001) and enable 2FA; if possible use short-lived credentials.
  4. Avoid putting plaintext passwords into persistent environment variables or logs — prefer prompting per-session if your platform supports it.
  5. Ensure the platform will not upload or store SYNOLOGY_PASS or SID to remote logs/backups you don't control.
  6. Confirm curl and jq are available on the agent host, or adjust commands accordingly.
  If you cannot verify the metadata omission or how credentials are stored/used by the platform, consider treating this skill as untrusted until those questions are answered.
Review Dimensions
- Purpose & Capability: note. The SKILL.md content is consistent with the declared purpose (manage DSM FileStation and DownloadStation via the DSM Web API). However, the registry metadata lists no required environment variables or credentials even though the runtime instructions explicitly require SYNOLOGY_HOST, SYNOLOGY_PORT, SYNOLOGY_USER, and SYNOLOGY_PASS, and use curl/jq. That mismatch is likely a packaging/metadata omission.
- Instruction Scope: ok. All instructions stay within the stated scope: authenticating to DSM, calling FileStation and DownloadStation APIs, handling 2FA, and logout. The skill does not instruct reading unrelated system files or contacting third-party endpoints beyond the user's NAS and the example download URLs. It does show commands that will expose credentials on the shell if used carelessly (notes in the SKILL.md advise against hardcoding).
- Install Mechanism: ok. Instruction-only skill with no install spec and no code files — lowest install risk. Nothing will be written to disk by an installer. Examples assume curl and jq are available, but no installer is provided.
- Credentials: concern. The SKILL.md requires four environment variables (SYNOLOGY_HOST, SYNOLOGY_PORT, SYNOLOGY_USER, SYNOLOGY_PASS), which are proportionate to the task. The concern is that the skill's manifest/registry metadata did not declare these required env vars or the use of network credentials, nor did it declare required binaries (curl, jq). This metadata omission makes it unclear to automated policy checks what secrets or tools the skill needs and increases risk if you provide credentials without verifying how the platform stores or transmits them.
- Persistence & Privilege: ok. "always" is false and the skill has no install hooks or instructions to modify agent/system config. It requires explicit invocation by the user (the platform default allows autonomous invocation, but that is not changed by the skill).
