Skill v0.1.0
ClawScan security
Arena Research · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious (Feb 15, 2026, 2:00 AM)
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's instructions broadly match an Are.na research tool, but the runtime steps assume local scripts, an env file, and an ARENA_ACCESS_TOKEN without declaring or installing them — that inconsistency and the instruction to source a global env file (potentially exposing secrets) is concerning.
- Guidance: This skill looks like documentation for a local CLI meant to live in ~/clawd/skills/arena-research, not a self-contained network plugin. Before installing or running it: (1) don't blindly 'source ~/.config/env/global.env' — inspect that file first or export only the ARENA_ACCESS_TOKEN you intend to share; (2) confirm you actually have the referenced arena-search.ts and the bun runtime, or ask the author for an install spec or packaged code; (3) expect that no code or API details are bundled — the SKILL.md references missing files (e.g., references/arena-api.md); (4) if you must provide ARENA_ACCESS_TOKEN, create a dedicated token with limited scope and rotate it after testing; (5) avoid granting autonomous execution until you're confident the local scripts are safe. These mismatches could be harmless (author assumed a preexisting repo) but they also increase the risk of accidental secret exposure or unintended local file access.
Review Dimensions
- Purpose & Capability (concern): The SKILL.md describes Are.na research and the CLI commands align with that purpose, but the skill declares no binaries, no install, and no required env vars while the instructions assume a local TypeScript CLI (arena-search.ts) and the bun runtime; these unmet dependencies are inconsistent with the published metadata.
- Instruction Scope (concern): Runtime instructions tell the agent to 'cd ~/clawd/skills/arena-research' and 'source ~/.config/env/global.env' and to run local scripts. Sourcing a global env file reads arbitrary user environment variables (possibly secrets). The doc also references other files (references/arena-api.md) that are not included. These steps read user-local data outside the skill's stated scope.
- Install Mechanism (concern): There is no install spec, yet the instructions require bun and a local TypeScript script. The absence of an install mechanism or bundled code means the skill will either fail or rely on code already present on the user's machine — an implicit assumption that isn't declared and could hide risky local operations.
- Credentials (concern): SKILL.md references ARENA_ACCESS_TOKEN (for the 'me' command) and tells the agent to source a global env file, but the skill metadata lists no required env vars. Asking to load ~/.config/env/global.env is disproportionate for a read-only research skill because that file may contain unrelated secrets.
- Persistence & Privilege (note): always:false and no install mean the skill does not request persistent, platform-wide privileges. However, it instructs running local scripts and reading user config files; autonomous invocation is allowed by default but not in itself flagged — combine that with the other concerns before enabling autonomous use.
