Skill v1.0.0
ClawScan security
Clovercli · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Feb 11, 2026, 8:54 AM
- Verdict
- suspicious
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- The skill's runtime instructions match a Clover POS CLI (requiring a Clover access token and merchant id) but the skill metadata does not declare those credentials and the skill relies on installing a third‑party npm package — this mismatch and the install instruction deserve caution.
- Guidance
- What to consider before installing/use:
  - The SKILL.md requires sensitive env vars (CLOVER_ACCESS_TOKEN, CLOVER_MERCHANT_ID) but the skill metadata doesn't declare them. Treat this as an inconsistency and assume you will need to provide secrets.
  - Verify the npm package and GitHub repo before installing: check the package owner (@versatly), review the repository code, recent commit/activity, npm download counts, and open issues. Prefer installing in an isolated environment (container/VM) if you want to test it.
  - Create and use least-privilege Clover credentials (a scoped token) and avoid putting long-lived secrets into your global shell rc without understanding the risk.
  - The SKILL.md includes a specific "Known Client" row (a merchant id). That may be sample/test data or real customer data; be cautious about privacy/leakage.
  - Because the skill is instruction-only, the platform won't pre-install anything for you. If you allow an agent to run the documented install commands, those commands will execute on your system. Only proceed if you trust the package and repository.
- If you want me to: I can (1) fetch the npm package page and GitHub repo metadata to summarize ownership/activity, or (2) list concrete checks to perform on the repo and package before installing.
Review Dimensions
- Purpose & Capability
- concern: The SKILL.md clearly documents a Clover POS CLI that requires CLOVER_ACCESS_TOKEN and CLOVER_MERCHANT_ID, and instructs installing @versatly/clovercli. However, the skill registry metadata lists no description, no required env vars, and no primary credential. The functionality is coherent for a Clover CLI, but the metadata omission is inconsistent and prevents automated vetting of the required credentials.
- Instruction Scope
- ok: The instructions stay within the expected scope for a CLI: installing the tool, setting environment variables for API access, and running commands against Clover endpoints. The SKILL.md does not instruct the agent to read arbitrary local files or send data to external endpoints beyond the documented npm/GitHub package and the Clover API.
- Install Mechanism
- note: There is no install spec in the registry (instruction-only skill), but the SKILL.md tells the user/agent to run npm i -g @versatly/clovercli or clone a GitHub repo. Installing a third-party npm package is a normal way to get this CLI, but it introduces moderate risk: the package and repo should be verified (author, code, recent releases, vulnerabilities). The skill itself provides no integrity information (checksum, pinned version) and no install script.
- Credentials
- concern: The runtime instructions require CLOVER_ACCESS_TOKEN and CLOVER_MERCHANT_ID (and optionally CLOVER_REGION), which are sensitive credentials, but the skill metadata does not declare any required env vars or a primary credential. This mismatch means the registry record understates the credential needs and could lead to accidental credential exposure if users follow the instructions without realizing the sensitivity.
- Persistence & Privilege
- ok: The skill does not request persistent presence (always=false) and has no install artifact in the registry. It does not ask to modify other skills or system settings. Autonomous invocation is allowed (platform default) but is not, by itself, a red flag here.
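The two findings the Credentials and Install Mechanism dimensions above rest on, env vars demanded by SKILL.md that the registry record never declares, and an `npm i -g` with no version pin or integrity data, are mechanical enough to check before an agent is allowed to run the documented commands. The Python below is an added example, not ClawHub's scanner code and not part of the Clovercli skill: the SKILL.md excerpt and registry record it runs on are constructed to mirror what the scan reports, and the metadata field names (`env`, `primaryCredential`, `install`, `always`) are assumptions about the registry format.

```python
import re

# Constructed stand-in for the skill's SKILL.md. Only the env var names and the
# install command come from the scan above; the surrounding wording is assumed.
SKILL_MD = """\
# Clovercli

Install: `npm i -g @versatly/clovercli` (or clone the GitHub repo).

Set credentials before running commands:

    export CLOVER_ACCESS_TOKEN=...
    export CLOVER_MERCHANT_ID=...
    export CLOVER_REGION=us   # optional

Then: `clovercli merchants get`
"""

# Constructed registry record for an instruction-only skill that declares nothing.
# Field names are an assumption about the registry schema.
METADATA = {
    "description": "",
    "env": [],
    "primaryCredential": None,
    "install": None,
    "always": False,
}

# NAME=value assignments, optionally preceded by `export`, as shell docs write them.
ENV_REF = re.compile(r"\b(?:export\s+)?([A-Z][A-Z0-9_]{2,})=")

# `npm i|install|add [-g|--global] <pkg>[@spec]`; group 2 is the version spec, if any.
NPM_INSTALL = re.compile(
    r"npm\s+(?:i|install|add)\s+(?:(?:-g|--global)\s+)?"
    r"(@?[\w.-]+(?:/[\w.-]+)?)(@[\w.^~<>=*-]+)?"
)


def env_vars_in_instructions(skill_md: str) -> set[str]:
    """Every environment variable the instructions tell the user to set."""
    return set(ENV_REF.findall(skill_md))


def undeclared_env_vars(skill_md: str, metadata: dict) -> list[str]:
    """Env vars required by SKILL.md but absent from the registry's declared list."""
    declared = set(metadata.get("env") or [])
    return sorted(env_vars_in_instructions(skill_md) - declared)


def unpinned_installs(skill_md: str) -> list[str]:
    """Packages installed via npm without an explicit version spec."""
    return [m.group(1) for m in NPM_INSTALL.finditer(skill_md) if not m.group(2)]


def review(skill_md: str, metadata: dict) -> list[tuple[str, str]]:
    """(severity, message) findings in the same spirit as the dimensions above."""
    findings = []
    # Any secret the instructions need but the record omits defeats automated
    # credential vetting, so each one is a concern rather than a note.
    for var in undeclared_env_vars(skill_md, metadata):
        findings.append(("concern", f"{var} is required by SKILL.md but not declared in metadata"))
    unpinned = unpinned_installs(skill_md)
    for pkg in unpinned:
        findings.append(("note", f"install of {pkg} is not pinned to a version and carries no integrity info"))
    if metadata.get("install") is None and unpinned:
        findings.append(("note", "instruction-only skill: an agent following SKILL.md would run the install itself"))
    return findings


def verdict(findings: list[tuple[str, str]]) -> str:
    """'suspicious' when any finding is a concern, otherwise 'ok'."""
    return "suspicious" if any(sev == "concern" for sev, _ in findings) else "ok"


if __name__ == "__main__":
    result = review(SKILL_MD, METADATA)
    for sev, msg in result:
        print(f"[{sev}] {msg}")
    print("verdict:", verdict(result))
```

Pinning the install (`npm i -g @versatly/clovercli@<version>`) clears the install note but not the concern; only a registry record that declares the three env vars makes the credential check pass, which is exactly the metadata gap the scan flags.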
