Skillv1.1.0

ClawScan security

Ohmy Skill · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousApr 23, 2026, 3:38 AM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary: Skill's stated features (inspection, optimization, ranking, recommendations) are plausible, but the runtime instructions are high-level and omit where ranking/recommendation data come from and what external calls the agent should make, leaving room for unexpected network access or broad data reads.
Guidance: This skill appears to be what it says (inspection, optimization, rankings, recommendations) but the runtime instructions are vague about where leaderboard and recommendation data come from and what external network calls will be made. Before installing or running it: - Ask the author to specify the data sources/endpoints used for '实时排行榜' and '智能推荐' and to declare any required credentials (API keys) in requires.env. - If the skill needs to call external APIs, request a whitelist of domains and the exact request patterns. - Avoid enabling autonomous invocation on agents that have access to sensitive credentials or private skill stacks until you confirm the endpoints. - When trying it, run first in a sandboxed agent or with a non-sensitive sample skill and review any generated SKILL.md before applying changes. - If you cannot get concrete endpoint/credential info, treat the feature that fetches rankings/recommendations as potentially network-active and limit its privileges.

Review Dimensions

Purpose & Capability: noteThe name/description (inspect, score, auto-optimize, leaderboard, recommendations for ClawHub skills) matches the SKILL.md capabilities. However the skill claims to '实时获取全站/分类 Top 技能排行榜' and '智能推荐' without declaring how it will obtain that data (no API endpoints, no required credentials, no declared network sources). That omission is not fatal but makes the capability under-specified: legitimate implementations might need access to a ClawHub API or website, which should be declared.
Instruction Scope: concernSKILL.md is high-level (scan SKILL.md, produce optimized SKILL.md, query rankings, recommend skills) but contains no concrete runtime steps, endpoints, or data-flow constraints. The instructions give the agent broad discretion (e.g., to fetch '实时' leaderboards or consult the user's installed skill stack) which could lead the agent to perform network requests or read other installed skills/configs. There are no explicit directives to read unrelated system files or env vars, but the vagueness effectively grants wide latitude.
Install Mechanism: okNo install specification and no code files — instruction-only skill. This minimizes on-disk risk because nothing is downloaded or executed by an install script.
Credentials: okThe skill declares no required environment variables, binaries, or credentials. That is proportionate to an instruction-only inspector. The lack of declared credentials is also the main cause of ambiguity for ranking/recommendation features: if those require access to protected APIs, credentials are missing from the manifest.
Persistence & Privilege: okalways:false and user-invocable:true. Model invocation is allowed (default), which is normal for skills. The skill does not request persistent system-wide privileges.