Skill v1.0.0
ClawScan security
Alexandrie · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Feb 11, 2026, 8:32 AM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's behavior mostly matches a CRUD client for the Alexandrie API, but it quietly requires access to a user-specific .env file and tools not declared in the metadata, an inconsistency you should understand before installing.
- Guidance: This skill appears to be a straightforward CLI client for a self-hosted Alexandrie instance, but it has important inconsistencies you should address before installing:
  1. The script expects ALEXANDRIE_PASSWORD to be stored in /home/eth3rnit3/clawd/.env (a user-specific path) even though the skill metadata declares no config paths or env vars. Verify you are comfortable allowing the skill to source that file, or change the skill to accept the password via an explicitly declared environment variable.
  2. The script uses curl and jq, but the metadata does not declare these dependencies. Ensure those binaries are available and come from trusted sources.
  3. Confirm you trust the API endpoints (api-notes.eth3rnit3.org) and the skill author, since there is no homepage or known source.
  If you need higher assurance, ask the publisher to (a) declare required env vars (ALEXANDRIE_PASSWORD) and config paths, (b) avoid hardcoded /home paths (use a configurable path or env var), and (c) provide a canonical source/homepage or signed release. If you install anyway, consider checking the /home/eth3rnit3/clawd/.env contents and rotating any secrets that were exposed during testing.
Review Dimensions
- Purpose & Capability
- note: The name/description (CRUD for Alexandrie) align with the included alexandrie.sh script and the SKILL.md API endpoints. However, the skill metadata declares no required environment variables or config paths while the script clearly depends on a password stored at /home/eth3rnit3/clawd/.env and a specific username; that mismatch is unexpected for a general-purpose skill.
- Instruction Scope
- concern: The runtime instructions and script instruct the agent to source /home/eth3rnit3/clawd/.env for ALEXANDRIE_PASSWORD and to read/write /tmp files (/tmp/alexandrie_cookies.txt, /tmp/alexandrie_user_id). The SKILL.md and registry metadata do not declare those config paths or the required secret. The script only contacts the declared API domain and does not exfiltrate to other endpoints, but reading a user-specific .env is scope creep relative to the metadata.
- Install Mechanism
- ok: There is no install spec (instruction-only plus a shell script). That minimizes install-time risk because nothing arbitrary is being downloaded or extracted during install.
- Credentials
- concern: The skill needs a password (ALEXANDRIE_PASSWORD) but requires no env vars in its metadata; instead it sources a hardcoded /home/eth3rnit3/clawd/.env path. It also implicitly requires curl and jq on PATH, but the required binaries list is empty. Asking to read a user-specific .env (which may contain other secrets) is disproportionate and should be declared and justified.
- Persistence & Privilege
- ok: The skill is not always:true and does not request persistent system-wide privileges. It writes only local temporary files (/tmp) and a user-specific token file, and does not attempt to modify other skills or global agent config.
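As an added example (not the skill's own alexandrie.sh and not ClawHub code), the POSIX shell below shows how the credential, dependency and temp-file handling called out in the Guidance and in the Credentials and Persistence dimensions could be written so that everything the script needs is declared up front and nothing is hardcoded to /home/eth3rnit3/clawd/.env. ALEXANDRIE_PASSWORD, curl, jq and the /tmp cookie file are the names from the report; the ALEXANDRIE_ENV_FILE variable, the alexandrie_* function names and the per-run cookie directory are assumptions of this example.

```shell
#!/usr/bin/env sh
# Added example, not the skill's alexandrie.sh. ALEXANDRIE_ENV_FILE and the
# function names are assumptions; ALEXANDRIE_PASSWORD, curl and jq are the
# names the scanner report mentions.

set -u

# Fail early and name every missing binary, instead of discovering a missing
# curl or jq halfway through a request.
alexandrie_check_deps() {
    missing=""
    for bin in "$@"; do
        command -v "$bin" >/dev/null 2>&1 || missing="$missing $bin"
    done
    if [ -n "$missing" ]; then
        echo "alexandrie: missing required binaries:$missing" >&2
        return 1
    fi
    return 0
}

# Resolve ALEXANDRIE_PASSWORD with explicit precedence:
#   1. already exported by the caller (the declared interface),
#   2. read from a file the caller names via ALEXANDRIE_ENV_FILE,
#   3. otherwise fail; never guess a path under /home.
# The file is parsed for the one key rather than sourced, so the rest of a
# shared .env is neither executed nor exposed, and it must be owned by the
# caller and unreadable by group and others.
alexandrie_load_password() {
    if [ -n "${ALEXANDRIE_PASSWORD:-}" ]; then
        return 0
    fi
    if [ -z "${ALEXANDRIE_ENV_FILE:-}" ]; then
        echo "alexandrie: set ALEXANDRIE_PASSWORD or ALEXANDRIE_ENV_FILE" >&2
        return 1
    fi
    if [ ! -f "$ALEXANDRIE_ENV_FILE" ] || [ ! -O "$ALEXANDRIE_ENV_FILE" ]; then
        echo "alexandrie: $ALEXANDRIE_ENV_FILE is not a regular file you own" >&2
        return 1
    fi
    # Columns 5 and 8 of `ls -l` output are the group and other read bits.
    case "$(ls -ld "$ALEXANDRIE_ENV_FILE" | cut -c1-10)" in
        ????r*|???????r*)
            echo "alexandrie: $ALEXANDRIE_ENV_FILE is group/world readable; chmod 600 it" >&2
            return 1 ;;
    esac
    # Take the first ALEXANDRIE_PASSWORD= line and strip optional quotes.
    ALEXANDRIE_PASSWORD=$(sed -n 's/^ALEXANDRIE_PASSWORD=//p' "$ALEXANDRIE_ENV_FILE" \
        | head -n 1 | sed "s/^['\"]//; s/['\"]\$//")
    if [ -z "$ALEXANDRIE_PASSWORD" ]; then
        echo "alexandrie: no ALEXANDRIE_PASSWORD= line in $ALEXANDRIE_ENV_FILE" >&2
        return 1
    fi
    export ALEXANDRIE_PASSWORD
    return 0
}

# Per-run cookie jar inside a fresh mode-0700 directory, rather than the fixed
# /tmp/alexandrie_cookies.txt name that every local user can predict.
# Prints the jar path; the caller removes the directory when done.
alexandrie_cookie_jar() {
    dir=$(mktemp -d "${TMPDIR:-/tmp}/alexandrie.XXXXXX") || return 1
    printf '%s/cookies.txt\n' "$dir"
}
```

A script built this way is invoked either as `ALEXANDRIE_PASSWORD=... ./alexandrie.sh ...` or as `ALEXANDRIE_ENV_FILE=$HOME/.config/alexandrie/env ./alexandrie.sh ...`, and its metadata can then honestly list ALEXANDRIE_PASSWORD (or ALEXANDRIE_ENV_FILE) as a required env var and curl and jq as required binaries, which is exactly what the guidance asks the publisher to declare. Callers that use alexandrie_cookie_jar should `rm -rf "$(dirname "$jar")"` after the last request so no session cookie outlives the run.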
