Back to skill
Skillv1.0.0
ClawScan security
Magic for AI Agents · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
SuspiciousFeb 12, 2026, 4:56 PM
- Verdict
- suspicious
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill's purpose (handing tasks to human assistants) is plausible, but the runtime instructions require an API key and encourage sending owner contact information (PII) while the registry metadata omits any required credentials — an inconsistency and a privacy risk you should understand before installing.
- Guidance
- This skill genuinely implements a human-assistant task API, but it both requires an API key (not declared in the registry metadata) and asks you to include owner contact information (name, email, phone) in every task. Before installing: 1) Decide whether you are comfortable sending PII to third-party human workers and check the vendor's privacy/security policies. 2) Use a dedicated, scoped API key/account (not your main account), store the key securely (agent vault or environment variable) and rotate it if possible. 3) Avoid sending sensitive data (credentials, SSNs, medical info) in task instructions — redact or anonymize when feasible. 4) If the agent can act autonomously, require explicit user confirmation before creating tasks that include PII. 5) Be cautious of the metadata mismatch (no declared credential) — verify with the vendor or registry owner that the skill's required credentials and storage expectations are documented and safe.
Review Dimensions
- Purpose & Capability
- noteThe skill's stated purpose (routing tasks to human assistants via Magic API) is consistent with the SKILL.md content. However, the skill requires an API key (obtained at registration) to operate, but the registry metadata lists no required environment variables or primary credential — a mismatch between declared requirements and actual usage.
- Instruction Scope
- concernThe SKILL.md explicitly instructs agents to include an 'Owner Contact Information' block (name, email, phone) in every task. That means the agent will be expected to transmit personally identifiable information and contact details to third-party humans. The instructions also require the agent to register and store an API key and to use it in requests. There are no instructions about minimizing shared data, redaction, or consent — this broadens scope from simple task delegation to the transmission of potentially sensitive PII to external human workers.
- Install Mechanism
- okThis is an instruction-only skill with no install spec and no code files, so nothing is written to disk by a package install. That is the lowest-risk install mechanism.
- Credentials
- concernAlthough SKILL.md requires obtaining and using an API key for all requests, the skill metadata declares no required environment variables or primary credential. The absence of a declared primary credential is an incoherence. Also, the instructions encourage transmitting owner PII to external staff — a privacy-sensitive capability that should be justified and scoped but isn't.
- Persistence & Privilege
- noteThe skill does not request always:true and uses normal autonomous invocation defaults. Be aware that if the agent is allowed to invoke skills autonomously, it could automatically create tasks and send owner contact information to external humans without per-task user confirmation. The SKILL.md also requires you to 'SAVE YOUR API KEY' — the skill assumes persistent storage of credentials (not declared in metadata).