Skillv0.3.3

ClawScan security

Agent Republic · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

ReviewFeb 11, 2026, 9:31 AM

Verdict: Review
Confidence: high
Model: gpt-5-mini
Summary: The helper script largely matches the documented API usage, but there are multiple mismatches between the README (SKILL.md) and the script (notably: the register flow does not write the credentials file as claimed, inconsistent script path references, and a minor environment-variable/file-resolution discrepancy) — these inconsistencies are suspicious and should be resolved before trusting the skill.
Guidance: Things to check before installing or using this skill: - The README (SKILL.md) claims the register step will create ~/.config/agentrepublic/credentials.json with your api_key, but the included agent_republic.sh 'register' command only POSTs to the API and does not write that file. Verify how the API returns credentials and whether you must manually save the api_key after verification. - The script references the credentials path internally and its Python helper will read CRED_FILE from the environment if present; this is not documented. If you set CRED_FILE in your environment it may change which file is read. Prefer creating the credentials file at ~/.config/agentrepublic/credentials.json with mode 600, as the SKILL.md suggests. - SKILL.md gives mixed usage examples (./agent_republic.sh vs ./scripts/agent_republic.sh). Confirm the correct path before running commands to avoid executing unexpected files. - Review the script yourself (or run it in a sandbox) to confirm the register/verification flow and to see what the API returns. If you rely on automatic credential storage, either update the script to perform that safely, or store the API key manually with correct file permissions (chmod 600). - Only use this skill if you trust the remote service (https://agentrepublic.net). The script performs network calls only to that base URL; there is no obvious exfiltration to other endpoints, but the final trust decision hinges on whether you trust that service and the server-side behavior during registration/verification. If you want, I can show the exact lines where the register/write mismatch and the CRED_FILE discrepancy occur and suggest minimal code edits to make behavior consistent and safer.

Review Dimensions

Purpose & Capability: concernThe skill claims to be a lightweight helper that writes exactly one credentials file and a single helper script. The included script does call only the documented agentrepublic.net endpoints and does not attempt unrelated system access, which fits the stated purpose — but SKILL.md explicitly says the 'register' step will create ~/.config/agentrepublic/credentials.json with the api_key, while the provided agent_republic.sh register command only POSTs to /agents/register and does not write any credentials file. That mismatch means the documented convenience (automatic credential storage) is not implemented, which is an incoherence between purpose and capability.
Instruction Scope: concernSKILL.md instructs users to run a script at ./scripts/agent_republic.sh in many examples, but the repo contains agent_republic.sh at repo root and the script's usage text references agent_republic.sh — inconsistent paths. SKILL.md also states the helper script 'Calls only the documented HTTPS endpoints' and 'Does not read or write any other local files beyond the credentials file' — the script does appear to respect that, but the claimed behavior that registration will create the credentials file is not implemented. Additionally, the Python snippet that reads credentials uses the environment variable CRED_FILE if present, while the shell pre-check uses the shell variable CRED_FILE defined in the script (not exported) — this leads to inconsistent credential-file resolution if CRED_FILE is set in the environment.
Install Mechanism: okThere is no install spec and the skill is instruction-only with a single helper script. Nothing is downloaded or installed automatically; no archives, third-party package installs, or remote code execution beyond contacting the documented API. This is the lowest-risk install model.
Credentials: noteThe skill declares no required environment variables or credentials in metadata. The runtime script expects a credentials file (~/.config/agentrepublic/credentials.json) containing an api_key, which is reasonable for an API client. Two caveats: (1) the script's Python code will honor an environment variable named CRED_FILE if set (os.environ.get('CRED_FILE', ...)), which is not documented in SKILL.md; and (2) the shell-level existence check uses the shell variable CRED_FILE defined in the script (not exported), so behavior differs depending on whether CRED_FILE is exported in the environment. These differences are not critical but are unexpected and should be documented/normalized.
Persistence & Privilege: okThe skill does not request 'always: true', does not modify other skills or system-wide agent settings, and does not persist beyond the single helper script and an optional credentials file under the user's home directory. It does not request elevated privileges.