Skill v1.0.2

ClawScan security

xAPI · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious
Mar 13, 2026, 8:35 AM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill's instructions mostly match its stated purpose (wrapping the xapi CLI), but there are inconsistencies around where credentials are stored and the skill's ability to call arbitrary third‑party APIs that warrant caution before installing.
Guidance
This skill appears to be a thin wrapper around the external xapi CLI and legitimately needs an XAPI_API_KEY and npx. Before installing or using it: (1) verify the xapi project and operator (visit https://xapi.to, inspect their docs and privacy policy); (2) prefer exporting your API key as an environment variable (XAPI_API_KEY) rather than using any automatic "register" flow that saves credentials to ~/.xapi/config.json — if you must use the file, inspect its contents and tighten permissions (chmod 600) and understand where the file is written; (3) be aware that the tool can discover and call arbitrary third‑party APIs (it can proxy requests), so avoid sending sensitive secrets or private data through it and consider a scoped or throwaway API key; (4) if you need higher assurance, ask the skill author for source code or a published package link (npm/github) and for a declared config path in the metadata (to match the README); and (5) monitor network use and audit the ~/.xapi directory after use. These clarifications would raise my confidence and could change the verdict to benign if answered satisfactorily.

Review Dimensions

Purpose & Capability
note
Name/description match the instructions: the SKILL.md describes using the xapi CLI for Twitter/X, crypto, web/news search, and AI text actions. Declared runtime requirement (npx) and primary credential (XAPI_API_KEY) are consistent with a CLI that calls an external service. Minor mismatch: requires.env is empty in metadata even though a primaryEnv (XAPI_API_KEY) is declared — this is a bookkeeping inconsistency but not a major functional mismatch.
Instruction Scope
concern
The instructions tell the agent to run npx xapi-to commands and to register or set an API key. They explicitly state the API key is saved automatically to ~/.xapi/config.json and also that XAPI_API_KEY env var may be used. The skill can discover and call arbitrary third‑party APIs (via --source api / services), which increases the risk that data could be relayed to endpoints beyond the user's immediate expectation. The SKILL.md also does not limit what data should or should not be sent to those APIs.
Install Mechanism
ok
This is an instruction-only skill (no install spec, no code files). It uses npx to run a public CLI on-demand, which is a low-risk install model compared with downloading/extracting archives or running custom installers.
Credentials
note
Only one credential (XAPI_API_KEY) is declared as the primary credential, which is reasonable for a proxy/CLI to an external service. However, the SKILL.md indicates the credential will be persisted to ~/.xapi/config.json but the registry metadata lists no required config paths — this mismatch should be clarified. Consider whether you trust the service with any data you pass via the CLI.
Persistence & Privilege
concern
The skill will cause the xapi CLI (when run) to persist the API key to ~/.xapi/config.json according to its instructions; the skill metadata did not declare any required config paths. The skill is not always:true (no global forcing), but the automatic on-disk persistence of credentials and the ability to call arbitrary third-party APIs raises persistence/privacy concerns.