Skillv0.1.1

ClawScan security

OpenBotAuth · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousFeb 14, 2026, 8:47 PM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary: The skill's instructions are mostly coherent for generating and registering Ed25519 agent keys, but there are mismatches between the declared metadata and the runtime instructions (notably an undeclared dependency on Node/curl), plus missing source/homepage information — review before installing.
Guidance: This skill largely does what it says (generate an Ed25519 keypair, store it locally, and register it with an OBA service), but before installing: 1) Confirm you have Node.js (v18+), curl and optionally openssl available — the SKILL.md requires them though the manifest does not declare them. 2) Verify the legitimacy of https://openbotauth.org and its token issuance flow before pasting any bearer token (the skill asks you to log in via GitHub and paste a token). 3) Understand that your private key will be stored unencrypted in ~/.config/openbotauth/key.json and a temporary token in ~/.config/openbotauth/token (the skill recommends deleting the token afterward) — protect those files and consider generating keys offline. 4) Prefer to run the provided node/curl commands locally yourself rather than pasting sensitive tokens into a chat window or allowing an autonomous agent to handle them. 5) Ask the publisher for source/homepage or a repository so you can audit the registration step and confirm the API endpoints used. If you cannot validate the remote service or the publisher, consider running the commands in a sandboxed environment or decline to install.

Review Dimensions

Purpose & Capability: concernThe skill's stated purpose (create and register an Ed25519 identity and sign HTTP requests) matches the SKILL.md instructions (generate keys, register with an OBA API, store keys locally). However the metadata claims no required binaries while the runtime instructions explicitly require Node.js (v18+), curl and optionally openssl. That mismatch is an incoherence: an agent or integrator would need Node/curl to run the provided commands, yet the manifest declares none.
Instruction Scope: noteInstructions are focused on key generation, local storage (~/.config/openbotauth/key.json), and one-time registration using a user-provided token. They explicitly warn not to keep the bearer token in the browsing runtime and to delete the token after registration. The skill tells the user to paste a token obtained from an external site (https://openbotauth.org/token) and to save registration info to agent memory/notes. These actions are consistent with the stated goal, but they involve handling sensitive material (private key and bearer token) and instruct the agent to write secrets to disk and to agent memory — the user should confirm they are comfortable with that and ensure the agent's memory is protected.
Install Mechanism: okThis is an instruction-only skill with no install spec or code files, so nothing will be downloaded or written by an installation step. That reduces installer risk. The runtime still relies on local execution of Node/curl/openssl commands per SKILL.md.
Credentials: okThe skill requests no environment variables or external credentials in the manifest. The runtime requires the user to supply a one-time OpenBotAuth bearer token (obtained through the external site) for registration and stores it temporarily under ~/.config/openbotauth/token. Requesting that token is proportional to the registration step, but the skill's manifest should have declared the runtime requirement for Node/curl/openssl and should explicitly warn about the sensitive nature of the token/private key.
Persistence & Privilege: okThe skill does not request always:true and does not modify other skills or global agent settings. It writes files only under the user's home directory (~/.config/openbotauth) which is appropriate for identity material. The SKILL.md advises secure file permissions (0700/0600) and to delete the token after use.