Skill v1.0.1
ClawScan security
Wallabag · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Feb 23, 2026, 7:43 PM
- Verdict: suspicious
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's code and instructions match a Wallabag bookmark manager, but there is an important mismatch between the registry metadata and the runtime requirements (sensitive environment variables and binaries are required but not declared), which you should resolve before installing.
- Guidance: Before installing or enabling this skill:
  - Be aware the script uses the OAuth password grant: you must supply WALLABAG_USERNAME and WALLABAG_PASSWORD plus a client id/secret. This means you are giving the skill full account credentials; use a dedicated, low-privilege account and client if possible.
  - The registry metadata omitted required env vars and credentials — treat that as a red flag: confirm the listed required environment variables in SKILL.md are accurate before trusting the skill.
  - Review scripts/wallabag.sh yourself (it is small and readable). It uses curl and jq, stores tokens only in memory, and removes temporary files; these behaviours are reasonable but verify they meet your policies.
  - Avoid running auth --show-token in environments where stdout may be logged; it will print the token JSON when requested.
  - If you prefer not to provide a password to the agent, ask the skill author to implement an authorization-code flow or a token-only flow so long-lived credentials are not supplied.

  If you cannot verify the code or do not want to expose account credentials, do not install or enable the skill.
Review Dimensions
- Purpose & Capability (note): The script, README, SKILL.md and reference docs consistently implement Wallabag API operations using OAuth password-grant and API endpoints — this aligns with the skill name and description. Required tools (bash, curl, jq for tag ops) and env vars (base URL, client id/secret, username/password) are appropriate for this purpose.
- Instruction Scope (ok): Runtime instructions limit activity to the Wallabag API and to in-process token handling. The SKILL.md and script do not read unrelated system files or exfiltrate data to external endpoints beyond the user-supplied WALLABAG_BASE_URL. The script temporarily writes curl responses to a temp file but removes them.
- Install Mechanism (ok): This is an instruction-only skill with a bundled script; there is no install that downloads or executes remote code. No third-party package downloads or unusual install locations are used.
- Credentials (concern): The SKILL.md and script require five sensitive environment variables (WALLABAG_BASE_URL, CLIENT_ID, CLIENT_SECRET, USERNAME, PASSWORD). Those requirements are proportionate to a password-grant OAuth implementation, but the registry metadata indicates 'Required env vars: none' and 'Primary credential: none', which is inconsistent and misleading. Requesting full account credentials is sensitive; there is no alternative OAuth flow implemented in the script (e.g., interactive authorization code flow).
- Persistence & Privilege (ok): The skill does not request persistent installation, does not set always:true, and does not modify other skills or system-wide settings. Tokens are held in-process only and not persisted to disk by design.
