Back to skill
Skillv1.0.1
ClawScan security
Shopping Product Search · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignMar 12, 2026, 7:42 PM
- Verdict
- Benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill is internally coherent for a product search integration: it uses a bundled shell script that calls api.trychannel3.com with a CHANNEL3_API_KEY and requires curl/jq; nothing in the files indicates unrelated or hidden behavior.
- Guidance
- This skill appears to do what it says: it runs a shell script that sends your search queries (and any image URLs you supply) to api.trychannel3.com using CHANNEL3_API_KEY and returns structured product results. Before installing: 1) Verify you trust trychannel3.com (requests and buy links go to their domains); 2) Do not include sensitive or private data in queries or image URLs because those will be transmitted to the external API; 3) Ensure curl and jq are available in your environment; 4) Keep your CHANNEL3_API_KEY secret and only grant it to this skill; and 5) Note the packaging/metadata mismatch (registry summary claiming no env vars) — confirm the skill's config requires the API key as indicated in skill.yaml/SKILL.md. If you need to be extra cautious, review the script locally (it's short and readable) before granting network/shell permissions.
Review Dimensions
- Purpose & Capability
- noteThe skill's name/description, skill.yaml, SKILL.md, and the shell script all align: this is a product search that calls Channel3's API and returns merchant links. However, the top-level registry summary in the evaluation metadata (which said "Required env vars: none") conflicts with skill.yaml and SKILL.md, both of which require a CHANNEL3_API_KEY and list curl/jq as dependencies. This appears to be a packaging/metadata inconsistency rather than malicious misdirection.
- Instruction Scope
- noteThe runtime instructions and script only build a JSON body from CLI args and POST it to https://api.trychannel3.com/v1/search using CHANNEL3_API_KEY; they do not read arbitrary files or other env vars. Important: user queries and any provided image URLs are transmitted to the third-party API (expected for this purpose). If a user includes sensitive data in the query or image URL, that data will be sent to the external service.
- Install Mechanism
- okNo install spec; it's instruction-only with a bundled shell script. This is low-risk: nothing is downloaded or written during install. The script expects curl and jq to be present (which SKILL.md documents).
- Credentials
- noteThe only secret required is CHANNEL3_API_KEY (declared in skill.yaml and SKILL.md, marked secret). That is proportionate to calling a third-party product API. The metadata inconsistency (some summary saying no env vars required) should be fixed so users aren't misled.
- Persistence & Privilege
- okThe skill is not always:true, does not request elevated/persistent system changes, and does not modify other skills. It requires network and shell permissions which are appropriate for executing the provided script and making API requests.