Skill v1.0.2
ClawScan security
X Knowledge Base · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Feb 20, 2026, 7:55 AM
- Verdict: suspicious
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill largely implements what it says (collect X bookmarks, fetch full text, summarize, and run trend analysis), but there are clear inconsistencies in declared requirements and non-obvious privacy/exfiltration risks (sending bookmark/article content to external services) that you should review before installing.
- Guidance: Key things to consider before installing:
  - Metadata mismatch: The registry says no required env vars/binaries, but the SKILL.md and scripts require BIRD_AUTH_TOKEN and BIRD_CT0 and expect the bird CLI, curl, and Python. Confirm these requirements and failure modes before installing.
  - Privacy / data exfiltration: The skill sends bookmark/article URLs and full text to external services (r.jina.ai for fetching page content and the MiniMax endpoint for summarization). If your bookmarks contain private or sensitive content, that content will be transmitted to third parties. Only provide API keys/tokens if you trust those services and accept that data flow.
  - Token scope and handling: BIRD tokens grant access to your X/Twitter account bookmarks—treat them like passwords. Provide the minimal-privilege tokens and avoid running the skill on a shared account or host you don't control.
  - Default paths and filesystem access: Scripts use hardcoded defaults under /home/ubuntu/clawd/..., which may read/write many files in that tree. Consider running in an isolated environment (container or dedicated user) and override SOURCE_DIR/BOOKMARKS_DIR/OBSIDIAN_DIR to safe locations.
  - Optional API keys: You can skip AI summarization by leaving MINIMAX_API_KEY unset (scripts check for this), reducing external calls.
  - Inspect and test locally: Because code is bundled, review or run the scripts in a safe environment first. Pay attention to the Jina URL variants in docs vs scripts (they differ slightly) and test with non-sensitive bookmarks.
  - If you want to proceed, run the skill in an isolated VM/container, set explicit target directories, and avoid providing API keys until you verify behavior with dummy data.
Review Dimensions
- Purpose & Capability (concern): The code and docs implement bookmark collection, article fetching, AI summarization, cross-linking, and trend analysis, which match the description. However, the registry metadata claims no required environment variables or binaries while the SKILL.md/scripts require BIRD_AUTH_TOKEN/BIRD_CT0 and tools (bird CLI, curl, python3). That mismatch is incoherent and should have been declared.
- Instruction Scope (note): Runtime instructions and scripts read and write Markdown bookmark files under default paths (e.g. /home/ubuntu/clawd/memory/bookmarks and ~/clawd/obsidian-vault), call external endpoints (r.jina.ai for full-text fetching and the MiniMax API for summarization), and store trend JSON files. These actions are within the skill's stated purpose, but they will transmit bookmark/article content to third-party services (Jina, MiniMax), which is a privacy/exfiltration risk the user must accept explicitly.
- Install Mechanism (note): No install spec is provided (instruction-only install), so nothing is auto-downloaded during installation. Code files are bundled with the skill and will run on the host. The lack of an install step reduces supply-chain risk, but bundled scripts assume availability of system tools (bird, curl, python3) that are not declared in the registry metadata.
- Credentials (concern): The SKILL.md and scripts require BIRD_AUTH_TOKEN and BIRD_CT0 (Twitter/bird CLI auth) and optionally MINIMAX_API_KEY; those are appropriate for the stated functionality. However, the registry metadata lists no required env vars, which is inconsistent. Also, supplying the MiniMax key (or using the Jina proxy) will send bookmark/article contents to third-party services — this is proportionate only if you accept that external transmission of your bookmarked content is intended.
- Persistence & Privilege (ok): The skill does not request always: true and does not modify other skills. It writes files into user-level directories (~/clawd/...), creates trends JSON, and updates bookmarks — this is expected for a knowledge-base tool, but be aware of the default hardcoded paths that may need changing.
