Skill v1.0.0

ClawScan security

Affinity Readonly · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Review
Mar 13, 2026, 7:00 PM
Verdict
Review
Confidence
high
Model
gpt-5-mini
Summary
The skill implements a simple read-only Affinity GET helper and its instructions/script match the stated purpose, but the registry metadata does not declare the required AFFINITY_API_KEY and the base-URL override (AFFINITY_API_BASE) creates a potential exfiltration vector — verify before installing.
Guidance
This skill appears to do what it says (make read-only GET calls to Affinity) and the script does not print the API key, but there are a few things to check before installing:
1) Confirm the registry metadata is updated to declare AFFINITY_API_KEY as a required environment variable (the SKILL.md and script require it).
2) Use a least-privilege Affinity API key (read-only scope); do not use an admin key.
3) Ensure AFFINITY_API_BASE is not set to an untrusted URL, because the script will send the API key to whatever base URL is configured.
4) Verify the skill's source/homepage and publisher identity (no homepage is provided here), or test the script in a sandbox first.
If those checks are satisfied, the skill is likely acceptable; if the publisher cannot justify the metadata mismatch or if AFFINITY_API_BASE is uncontrolled, do not install.

Review Dimensions

Purpose & Capability
note
The name/description promise read-only Affinity access, and the included script plus SKILL.md implement that: GET-only requests to the Affinity API using a Bearer token. However, the published registry metadata lists no required environment variables, while SKILL.md and the script require AFFINITY_API_KEY (and optionally AFFINITY_API_BASE). This mismatch should be corrected.
Instruction Scope
ok
SKILL.md enforces GET-only behavior and the script performs only curl --get requests with Accept: application/json and Authorization: Bearer <key>. The instructions do not direct reading unrelated files or sending data to unexpected endpoints (beyond the base URL).
Install Mechanism
ok
No install spec and only a small bundled shell script are provided, so nothing is downloaded or installed at runtime. Risk from the install mechanism is low.
Credentials
concern
The script and SKILL.md require AFFINITY_API_KEY (and allow overriding AFFINITY_API_BASE), but the registry metadata lists no required env vars, so anyone reviewing only the metadata would not know a secret is involved. Also, because AFFINITY_API_BASE is an override, a malicious or misconfigured value could cause the script to send the API key to an attacker-controlled host. Ensure AFFINITY_API_KEY is a read-only-scoped key and that AFFINITY_API_BASE is either unset or points only at the trusted Affinity endpoint.
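A guard for the two credential-handling points raised under Instruction Scope and Credentials, written here as an added example and not the skill's own script: it allowlists AFFINITY_API_BASE before any request is built, rejects an empty or malformed key, and hands the Bearer header to curl through --config - on stdin so the key never appears in the process argument list. The allowlisted origin https://api.affinity.co, the Bearer scheme (as described by the review), and the AFFINITY_DRY_RUN switch are assumptions for illustration.

```shell
#!/bin/sh
# Added example (not the reviewed skill's script): only send the Affinity key
# to an allowlisted HTTPS origin, and keep the key out of argv and stdout.
# The default origin below is an assumption about Affinity's public API host.

AFFINITY_ALLOWED_BASE="${AFFINITY_ALLOWED_BASE:-https://api.affinity.co}"

# affinity_check_base BASE: 0 if BASE may receive the key, 1 otherwise.
# Accepts exactly the allowlisted origin, with or without a trailing slash.
# Rejects http://, other hosts, lookalike suffixes (api.affinity.co.evil.example),
# userinfo tricks (api.affinity.co@evil.example), custom ports and empty values.
affinity_check_base() {
  case "$1" in
    "$AFFINITY_ALLOWED_BASE" | "$AFFINITY_ALLOWED_BASE"/) return 0 ;;
    *) return 1 ;;
  esac
}

# affinity_check_key KEY: 0 if KEY is present and header-safe, 1 otherwise.
# Whitespace would corrupt the Authorization header; a double quote would
# break the curl config line we build below.
affinity_check_key() {
  [ -n "$1" ] || return 1
  case "$1" in
    *[[:space:]]* | *\"*) return 1 ;;
  esac
  return 0
}

# affinity_get PATH [extra curl args...]: read-only GET against the validated
# base. Exit 2 = untrusted base, 3 = bad key. With AFFINITY_DRY_RUN set it
# prints the resolved URL and sends nothing, so the override can be inspected
# in a sandbox. The key is never printed.
affinity_get() {
  path="$1"; shift
  base="${AFFINITY_API_BASE:-$AFFINITY_ALLOWED_BASE}"
  key="${AFFINITY_API_KEY:-}"
  if ! affinity_check_base "$base"; then
    echo "affinity_get: refusing to send API key to '$base'" >&2
    return 2
  fi
  if ! affinity_check_key "$key"; then
    echo "affinity_get: AFFINITY_API_KEY is missing or malformed" >&2
    return 3
  fi
  case "$path" in
    /*) ;;
    *) path="/$path" ;;
  esac
  url="${base%/}$path"
  if [ -n "${AFFINITY_DRY_RUN:-}" ]; then
    echo "$url"
    return 0
  fi
  # The Authorization header goes in via a curl config on stdin (--config -)
  # instead of -H, so it is not visible in `ps` output or shell history.
  printf 'header = "Authorization: Bearer %s"\n' "$key" |
    curl --get --silent --show-error --fail --config - \
      -H "Accept: application/json" "$@" "$url"
}
```

Source the file and call affinity_get /lists; with AFFINITY_DRY_RUN=1 set it prints only the resolved URL, so an installer can confirm where the key would go before any real request is made. The allowlist is deliberately an exact-origin match rather than a prefix or substring test, since a prefix check would still accept a lookalike host.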
Persistence & Privilege
ok
always: false, and no requests to modify agent configuration or other skills. Autonomous invocation is allowed by default (normal) and does not by itself increase risk given the limited scope, but users should be aware the agent could call the skill when relevant.