Skill v1.0.2
ClawScan security
Shareone · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Apr 9, 2026, 6:32 AM
- Verdict
- suspicious
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill appears to implement the advertised ShareOne upload functionality, but there are several incoherences and risky behaviors (handling of conversation content, local credential storage, and a configurable upload endpoint) that warrant caution before installing or using it.
- Guidance
- This skill does perform the advertised uploads, but exercise caution: (1) it will read conversation history and local files and upload them — do not use it with confidential content; (2) it asks users to provide an API key and will save that key in plaintext at ~/.shareone_credentials — prefer setting SHAREONE_API_KEY in your environment securely rather than pasting keys into chat; (3) the code allows the upload endpoint to be overridden (SHAREONE_BASE_URL / --base-url) even though the instructions say to hardcode shareone.app — verify that SHAREONE_BASE_URL is not set to an untrusted host and do not pass a malicious --base-url; (4) inspect or remove ~/.shareone_credentials and .shareone_agreed if you uninstall the skill. Only proceed if you trust shareone.app and are comfortable with local plaintext storage of API keys and with the agent uploading conversation content and local files.
Review Dimensions
- Purpose & Capability
- note: The name and description match the bundled scripts: the skill uploads HTML/PDF/PPTX or conversation-derived content to ShareOne and returns share links. However, the registry metadata declares no required env vars, while the SKILL.md and scripts clearly expect a SHAREONE_API_KEY and optionally a SHAREONE_BASE_URL; the skill also writes credential and consent files to the user's home directory (~/.shareone_credentials and .shareone_agreed). These are coherent with the stated purpose, but the metadata omission is inconsistent and worth noting.
- Instruction Scope
- concern: The runtime instructions explicitly direct the agent to extract the last generated conversation text or search for 'recently generated or edited files' and save them locally to upload. That means the agent may send prior conversation history or arbitrary local files to an external service. The SKILL.md also instructs the agent to ask the user to paste an API key into chat (which the skill will then save to disk), increasing the risk of secret exposure. The SKILL.md mandates a hardcoded domain (https://shareone.app) when returning share URLs, but the included scripts accept an override (SHAREONE_BASE_URL / --base-url), creating a mismatch between the instructions and the actual behavior.
- Install Mechanism
- note: This is an instruction-only skill with bundled Node.js scripts (no external install spec or downloads). That lowers supply-chain risk, but the packaged scripts will read and write files on disk (including credentials in the user's home directory). There is no attempt to download arbitrary code at runtime.
- Credentials
- concern: The skill requires an API key for ShareOne (SHAREONE_API_KEY) to function — that is proportionate to the task — but the registry metadata did not list any required env vars, which is inconsistent. The scripts persist API keys in plaintext at ~/.shareone_credentials. Moreover, the scripts allow overriding the upload domain via SHAREONE_BASE_URL or CLI args, which could redirect uploads to a different endpoint if that environment variable or argument is set. The skill also encourages the user to paste API keys into chat, which is poor practice for secret handling.
- Persistence & Privilege
- note: The skill does not request elevated system privileges, nor is it always-enabled. It will create or modify files in the user's home directory (.shareone_credentials and .shareone_agreed) and write temporary files in the current working directory when packaging conversation content. Persisting credentials and a consent marker is expected behavior for this function, but users should be aware of the local files created and their plaintext nature.
