Skillv1.0.0

ClawScan security

Sales AI Agent Starter · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

ReviewApr 7, 2026, 5:22 PM

Verdict: Review
Confidence: medium
Model: gpt-5-mini
Summary: The skill's high-level description matches its purpose, but there are mismatches and missing provenance around installation and credentials (a declared in-SKILL install of an npm package 'clawhub' and a node requirement aren't reflected in the registry metadata), so proceed cautiously and verify what will be installed and what credentials will be requested.
Guidance: This skill's goal (build/deploy sales/customer agents) is reasonable, but there are warning signs you should resolve before installing or running it: - Ask the author for provenance: where does the 'clawhub' package come from? Provide a homepage/GitHub/NPM link and a README. Do not install packages from unknown sources. - Confirm install behavior: the registry metadata contains no install spec, yet SKILL.md requests installing node/clawhub. Ask whether the skill will auto-install anything and where those binaries will be placed. - Credential handling: the skill will need CRM/Slack/etc. credentials to integrate. Require least-privilege service accounts or API tokens scoped to a sandbox, never hand over full production admin keys. Ask how credentials are stored and whether they are transmitted off your environment. - Sandbox first: run any install and integration steps in an isolated environment (disposable VM, container, or staging account) to observe what the package does. - Audit and logging: request a clear list of network endpoints the skill contacts and any telemetry. If the author cannot provide clear answers or provenance, treat the install as high risk and avoid granting real credentials. Given the registry vs SKILL.md mismatch and the unknown npm package, treat this as suspicious until the provider supplies source links and a clear install/credential model.

Review Dimensions

Purpose & Capability: concernThe SKILL.md describes building/deploying agents (which plausibly could use node tooling), but the registry metadata lists no required binaries/env while the SKILL.md's embedded metadata declares a node requirement and an install of a package named 'clawhub'. That internal inconsistency is unexplained and reduces trust in the declared surface area.
Instruction Scope: noteThe human-readable instructions remain within the stated purpose (discovery, design, build, deploy phases) and do not explicitly tell the agent to read unrelated system files or exfiltrate data. However, they repeatedly reference integrating with CRMs and other services without declaring how credentials or data access will be requested/used, which is vague and could lead to ad-hoc credential collection at runtime.
Install Mechanism: concernThere is no install spec in the registry metadata, but SKILL.md includes an install block that would install an npm-like package 'clawhub' (kind: 'node'). Installing packages from external package registries can execute arbitrary code; 'clawhub' has no provenance (no homepage/source provided). This mismatch and lack of verifiable source is a risk.
Credentials: concernThe registry lists no required environment variables or credentials, but the skill claims integrations with CRMs (HubSpot, Salesforce), Slack, and other services — all of which require credentials. The skill does not declare what secrets it will request or how they will be stored, creating a gap between claimed functionality and declared credential requirements.
Persistence & Privilege: okThe skill is not marked always:true and does not request elevated persistent privileges. It's user-invocable and allows autonomous invocation (platform default), which is expected for an integration skill.