Skill v1.0.0

ClawScan security

Web Hosting · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Feb 14, 2026, 4:43 PM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill's stated purpose (publish local sites via GitHub → Vercel/Netlify) is plausible, but it mandatorily requires a MATON_API_KEY (a third‑party control-plane credential) and orchestrates installs via npx, which is disproportionate and raises risk around where repository contents and credentials are sent.
Guidance
Before installing or invoking this skill, ask the publisher to explain exactly how MATON_API_KEY is used: does your repository source or secrets get proxied through Maton's servers, or are actions performed locally? Prefer using direct provider credentials (GitHub PAT, Vercel/Netlify tokens) if possible. Inspect the clawhub/npm package (clawhub@latest) that will be fetched by npx and the referenced upstream skills (github-api, vercel, netlify, api-gateway) so you understand where code and data are sent. If you must test, use a throwaway repository and minimal-privilege/dummy tokens first. Avoid granting broad MATON_API_KEY scopes until you confirm the control plane's behavior and data retention policies. Finally, be cautious about the agent reading home paths like ~/Projects/manager — restrict its working directory to only the project you intend to publish.

Review Dimensions

Purpose & Capability
note
Name/description match the actions described (create repo, push, trigger Vercel/Netlify, wire domains). Required binaries (git/node/npm/npx) make sense. However, the skill mandates MATON_API_KEY for the github-api and api-gateway paths — this delegates GitHub/API operations to a Maton control plane instead of using a direct GitHub token, which is unexpected and should be justified.
Instruction Scope
concern
SKILL.md tells the agent to audit the project, initialize git, create a remote via github-api, push, run vercel/netlify CLIs, and optionally manage domains. Those steps are within purpose, but the github-api and api-gateway routes are mediated by Maton (MATON_API_KEY) — this implies actions and possibly repository metadata/content will be routed to an external control plane. The doc also references a specific local path (~/Projects/manager) for domain-dns-ops, which could cause the agent to look in user home directories. The instructions to install other skills via npx implicate network installs at runtime.
Install Mechanism
note
The skill is instruction-only (no files to execute), which reduces on-disk risk. But it instructs using 'npx -y clawhub@latest install ...' to fetch/install other skills — that will download and run code from the npm registry at runtime. This is a common pattern but still a non-trivial dynamic install operation that fetches third-party code and should be reviewed before execution.
Credentials
concern
Only MATON_API_KEY is declared as required, but the skill also expects VERCEL_TOKEN/NETLIFY_AUTH_TOKEN or CLI logins. Requiring MATON_API_KEY as mandatory for GitHub operations is disproportionate: a GitHub personal access token would be the usual, minimal credential. MATON_API_KEY grants access to a separate control plane (Maton) and could allow that external service to act on behalf of the user across multiple providers; the need for it is not justified in the doc beyond 'github-api requires it.'
Persistence & Privilege
note
The skill does not force installation into every agent run (always: false) and is user-invocable. Model invocation is enabled (disable-model-invocation: false), so the agent could autonomously run the orchestration when invoked — combined with a broad external credential (MATON_API_KEY) and runtime installs, this increases the blast radius if the key is overprivileged. The skill does not declare modifying other skills' configs.