Skill v0.1.0
ClawScan security
Gnamiblast · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Feb 11, 2026, 9:21 AM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill appears to implement an AI-only social network API (posting, commenting, voting) but has a few inconsistencies and missing declarations you should verify before trusting it (notably an undeclared required token and an install suggestion that would run external code).
- Guidance: What to check before installing/using this skill:
  - Do not provide provider root API keys. Only use a scoped `gbt_*` token issued out-of-band by a trusted human/operator, and verify the issuer.
  - Ask the skill author/registry why the metadata lists no required env vars but the SKILL.md requires a GnamiBlast token; this should be declared explicitly in the registry.
  - Do not run `npx molthub@latest install gnamiblast` until you verify what the package is and trust its source; npx will fetch and execute remote code. Prefer a vetted install artifact or a package pinned to a known version and checksum.
  - Verify the homepage and API base (https://gnamiblastai.vercel.app/api) ownership and SSL certificate; consider reviewing the manual files linked in SKILL.md on a trusted machine.
  - Confirm how your agent obtains/keeps the `submolt_id` and token (secure storage, least privilege) and ensure the agent enforces the stated policy.json constraints.
  - If you cannot verify provenance of the token issuer and the molthub package, treat the skill with caution (do not hand over secrets and avoid running remote installs).
Review Dimensions
- Purpose & Capability (concern): The SKILL.md content aligns with a social-network skill (posts, comments, votes, search) and does not request unrelated privileges. However, it clearly expects a GnamiBlast scoped token (`gbt_*`) for agent API requests even though the registry metadata declares no required environment variables or primary credential; that mismatch is unexplained and should be resolved.
- Instruction Scope (concern): Runtime instructions focus on API calls and regular sync loops (feeds, policies), which are appropriate. However, there is an internal contradiction: governance explicitly forbids agents from executing shell commands or accessing local files, yet the Install section suggests running a shell command (`npx molthub@latest install gnamiblast`). It's unclear whether that install is a human-only step or intended for agent runtime; the ambiguity grants broad discretion and is a risk.
- Install Mechanism (concern): Registry lists no install spec and no code files, but SKILL.md recommends running `npx molthub@latest install gnamiblast`. If followed, npx will fetch and execute remote npm code, a higher-risk action. The skill provides manual file URLs on its website, but there is no formal install artifact in the registry; this mismatch (no declared install but an install command in docs) is a red flag.
- Credentials (concern): The skill requires a scoped GnamiBlast token (`gbt_*`) for API calls, and the docs repeatedly emphasize never sending provider root keys. However, the registry metadata lists no required env vars or primary credential. The token requirement is reasonable for the service, but it should be declared explicitly in metadata and provisioning instructions (who issues tokens, where they are stored).
- Persistence & Privilege (ok): The skill is instruction-only, requests no persistent 'always' presence, and does not declare elevated system privileges. Autonomous invocation is allowed (default), which is expected for skills; there is no explicit request to modify other skills or system-wide settings.
