Skill v1.0.1

ClawScan security

LobsterDomains · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 13, 2026, 11:23 AM
Verdict
benign
Confidence
medium
Model
gpt-5-mini
Summary
The skill's requests and instructions are generally consistent with its stated purpose (domain registration via crypto payments), with one bookkeeping inconsistency and some operational privacy cautions to be aware of.
Guidance
This skill appears to do what it says: it uses an API key to check and register domains and expects on-chain tx hashes as payment proof. Before installing:
1. Verify the publisher, the https://lobsterdomains.xyz site, and the API key issuance flow.
2. Confirm whether the platform will redact or avoid logging the returned management credentials (OpenSRS username/password): the skill tells the agent not to persist them but cannot enforce platform logging policies.
3. Do not paste private wallet keys or seed phrases into the agent; provide only tx hashes and public contact info.
4. Verify the hard-coded receiving address on-chain and with the vendor before sending funds.
5. Ask the publisher to fix the metadata mismatch (the registry listing shows no required env vars while SKILL.md declares LOBSTERDOMAINS_API_KEY).
If you need higher assurance, request source code or a vendor attestation about how keys and returned credentials are handled by the platform.
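Item (2) above is a control the platform has to provide, since a SKILL.md instruction cannot stop a log sink from writing what the agent saw. The following is an added example, not part of the ClawScan output and not the LobsterDomains skill's own code, of what platform-side enforcement looks like: a filter that redacts every value under a credential-bearing key in a service response and scrubs the same values out of the conversation transcript before either is persisted, while leaving the public tx hash loggable so payment can still be reconciled. The response shape (a managementCredentials object holding username and password), the key-name pattern, and the sample response and transcript are all constructed assumptions for the example.

```python
import json
import re

# Keys whose values (and everything nested beneath them) must never reach a
# log or transcript store. The pattern is an assumption; tune it to the real API.
SECRET_KEY = re.compile(
    r"password|passwd|secret|token|api[_-]?key|private[_-]?key|seed|mnemonic|credential",
    re.I,
)

# Constructed registration response. The managementCredentials shape is an
# assumption about what "returned OpenSRS credentials" might look like.
SAMPLE_RESPONSE = {
    "domain": "example.xyz",
    "status": "registered",
    "txHash": "0x" + "ab" * 32,
    "managementCredentials": {"username": "lobster-42", "password": "S3cr3t!pass"},
}

# Constructed assistant turn that repeats the credentials to the user.
SAMPLE_TRANSCRIPT = (
    "Registered example.xyz. Your OpenSRS login is lobster-42 / S3cr3t!pass. "
    "Payment tx 0x" + "ab" * 32
)


def collect_secrets(obj, inside_secret=False):
    """Gather every non-empty string leaf that sits under a secret-looking key."""
    found = set()
    if isinstance(obj, dict):
        for key, value in obj.items():
            found |= collect_secrets(value, inside_secret or bool(SECRET_KEY.search(key)))
    elif isinstance(obj, list):
        for value in obj:
            found |= collect_secrets(value, inside_secret)
    elif inside_secret and isinstance(obj, str) and obj:
        found.add(obj)
    return found


def redact(obj, inside_secret=False):
    """Deep-copy obj, replacing every leaf under a secret-looking key.

    Public fields such as txHash are left intact so payment can be reconciled.
    """
    if isinstance(obj, dict):
        return {k: redact(v, inside_secret or bool(SECRET_KEY.search(k))) for k, v in obj.items()}
    if isinstance(obj, list):
        return [redact(v, inside_secret) for v in obj]
    return "[REDACTED]" if inside_secret else obj


def scrub_text(text, secrets):
    """Remove known secret values from free text such as the chat transcript."""
    for value in sorted(secrets, key=len, reverse=True):  # longest match first
        text = text.replace(value, "[REDACTED]")
    return text


def persist_safely(response, transcript):
    """What a platform log sink should store: redacted response and scrubbed text."""
    secrets = collect_secrets(response)
    return json.dumps(redact(response), sort_keys=True), scrub_text(transcript, secrets)


if __name__ == "__main__":
    stored_response, stored_transcript = persist_safely(SAMPLE_RESPONSE, SAMPLE_TRANSCRIPT)
    print(stored_response)
    print(stored_transcript)
```

Key-based redaction is deterministic; the transcript scrub is best-effort, since it only catches exact copies of values seen in the response. A credential the agent paraphrases or splits across turns slips through, which is why the filter has to sit in the platform's logging path rather than be left to the skill's instructions.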

Review Dimensions

Purpose & Capability
ok · The SKILL.md describes a domain-registration service that uses an API key (LOBSTERDOMAINS_API_KEY) and on-chain transaction hashes for payment, which aligns with the skill's name and description. Note: the registry metadata provided with the skill summary listed 'Required env vars: none', but the SKILL.md metadata declares a primaryEnv of LOBSTERDOMAINS_API_KEY. That mismatch appears to be a packaging/metadata error (not necessarily malicious) but should be clarified by the publisher.
Instruction Scope
note · Runtime instructions are focused on the service APIs (checking availability, pricing, registering with a txHash, etc.) and collecting registrant contact info. The SKILL.md explicitly instructs the agent to present returned OpenSRS management credentials directly to the user and never to persist them in conversation history or files. This is appropriate for handling sensitive credentials, but it relies on the hosting platform and integrator to actually honor non-persistence; the skill cannot enforce that itself. There are no instructions to read unrelated files or other environment variables.
Install Mechanism
ok · Instruction-only skill with no install spec and no code files, the lowest-risk installation profile. Nothing is downloaded or written to disk by an installer.
Credentials
note · The only declared secret in SKILL.md is LOBSTERDOMAINS_API_KEY, which is proportionate to a hosted API service. However, the skill will receive and surface third-party OpenSRS credentials in API responses; those are sensitive but are returned by the service (not requested as env vars). The earlier registry summary listing 'no required env vars' conflicts with SKILL.md's primaryEnv declaration; ask the publisher to reconcile this.
Persistence & Privilege
ok · The skill does not request always:true and has no install that would persist on disk; autonomous invocation is allowed, but that is the platform default. The main risk is operational: the SKILL.md tells the agent not to persist sensitive credentials, but platform logs, audit trails, or other skills could still capture them unless the environment enforces non-persistence.
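The metadata mismatch flagged under Purpose & Capability and again under Credentials is the kind of discrepancy a pre-install check can catch mechanically rather than by reading two pages side by side. The following is an added example, not ClawHub's scanner and not the skill's own code: it parses a SKILL.md front-matter block, compares the env vars it declares against the registry listing, and also flags any env var name the instruction body references without declaring (the check behind "no instructions to read other environment variables"). The front-matter layout (metadata.primaryEnv, metadata.install), the registry JSON fields (requiredEnv, install) and the sample SKILL.md text are assumptions constructed for the example, not ClawHub's documented format.

```python
import json
import re

# Constructed SKILL.md. The front-matter layout (metadata.primaryEnv,
# metadata.install) is an assumption, not ClawHub's documented format.
SKILL_MD = """---
name: lobsterdomains
version: 1.0.1
metadata:
  primaryEnv: LOBSTERDOMAINS_API_KEY
  install: none
---
Use the LOBSTERDOMAINS_API_KEY bearer token for the availability, pricing
and register endpoints. Collect the user's txHash as payment proof.
Present returned OpenSRS credentials to the user; never persist them.
"""

# Constructed registry summary as the listing page might expose it; the
# field names are assumptions. Note that requiredEnv is empty.
REGISTRY_SUMMARY = '{"name": "lobsterdomains", "version": "1.0.1", "requiredEnv": [], "install": null}'

FRONT_MATTER = re.compile(r"\A---\n(.*?)\n---\n(.*)\Z", re.S)
KV_LINE = re.compile(r"^(\s*)([A-Za-z_][\w-]*):\s*(.*?)\s*$")
# Upper-case identifiers containing an underscore, e.g. LOBSTERDOMAINS_API_KEY.
ENV_REF = re.compile(r"\b[A-Z][A-Z0-9]*(?:_[A-Z0-9]+)+\b")


def parse_front_matter(text):
    """Split a SKILL.md into (flat dict of dotted keys, instruction body).

    Handles the 'key: value' / indented-mapping YAML subset the sample uses.
    """
    m = FRONT_MATTER.match(text)
    if not m:
        return {}, text
    flat, stack = {}, []  # stack of (indent, key) for the current nesting
    for line in m.group(1).splitlines():
        kv = KV_LINE.match(line)
        if not kv:
            continue
        indent, key, value = len(kv.group(1)), kv.group(2), kv.group(3)
        while stack and stack[-1][0] >= indent:
            stack.pop()
        path = ".".join([k for _, k in stack] + [key])
        if value:
            flat[path] = value
        else:
            stack.append((indent, key))  # mapping header; children follow
    return flat, m.group(2)


def declared_env(front):
    """Env var names the front matter declares (primaryEnv plus any list)."""
    names = set()
    for key in ("metadata.primaryEnv", "primaryEnv"):
        if key in front:
            names.add(front[key])
    for key in ("metadata.requiredEnv", "requiredEnv"):
        if key in front:
            names.update(v.strip() for v in front[key].strip("[]").split(",") if v.strip())
    return names


def referenced_env(body):
    """Env var names mentioned anywhere in the runtime instructions."""
    return set(ENV_REF.findall(body))


def check_consistency(skill_md, registry_json):
    """Return findings; an empty list means listing, front matter and body agree."""
    front, body = parse_front_matter(skill_md)
    registry = json.loads(registry_json)
    in_front = declared_env(front)
    in_registry = set(registry.get("requiredEnv") or [])
    in_body = referenced_env(body)
    findings = []
    for name in sorted(in_front - in_registry):
        findings.append(f"SKILL.md declares {name} but the registry listing omits it")
    for name in sorted(in_registry - in_front):
        findings.append(f"registry lists {name} but SKILL.md does not declare it")
    for name in sorted(in_body - in_front - in_registry):
        findings.append(f"instructions reference undeclared env var {name}")
    if front.get("metadata.install", "none") != "none" or registry.get("install"):
        findings.append("install spec present: not an instruction-only skill")
    return findings


if __name__ == "__main__":
    for finding in check_consistency(SKILL_MD, REGISTRY_SUMMARY) or ["no findings"]:
        print(finding)
```

Run against the sample, the only finding is the one the scanner reported: SKILL.md declares LOBSTERDOMAINS_API_KEY while the listing says none. The body scan is the more interesting half in practice, since a skill whose instructions mention an env var its metadata never declares is exactly the case a registry summary would not show you.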