Skill v1.0.1

ClawScan security

Craft Connect · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Mar 12, 2026, 10:22 AM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill's description matches a Craft Connect integration, but its runtime instructions ask for a secret (CRAFT_API_URL) and to read a local TOOLS.md file even though the registry metadata declares no required env vars or config paths — an incoherence that merits caution.
Guidance
This skill appears to be a valid Craft Connect wrapper, but the SKILL.md requires a CRAFT_API_URL (an embedded link token) and instructs the agent to read TOOLS.md, while the registry metadata lists no required env vars or config paths. Before installing:
1) Ask the author to update the registry metadata to declare CRAFT_API_URL (or change the instructions to use a declared env var).
2) Avoid storing link tokens in plaintext files like TOOLS.md; prefer a properly scoped environment variable or secrets store.
3) Confirm you trust the agent to access the Craft space reachable by that token (consider using a limited/test space).
4) If you must allow the agent to read local files, restrict which files it can access.
If the author cannot justify the metadata mismatch, treat the skill as untrusted.
Findings
[no_regex_findings] expected: Scanner found nothing because this is instruction-only (no code files). Absence of findings is expected but not evidence of safety.

Review Dimensions

Purpose & Capability
concern: The skill claims to talk to the Craft Connect API (create/read/update/search documents), which legitimately requires an API base URL/link token. However, the registry metadata lists no required env vars or primary credential, while SKILL.md explicitly requires CRAFT_API_URL and curl. The declared requirements and the runtime instructions therefore disagree.
Instruction Scope
concern: SKILL.md instructs the agent to read TOOLS.md to obtain the CRAFT_API_URL and to use curl for all requests. Asking the agent to read a local file (TOOLS.md) is outside the declared config paths and grants access to local secrets; otherwise, the instructions stick to the Craft API and do not propose exfiltration to unrelated endpoints.
Install Mechanism
ok: This is an instruction-only skill with no install spec or code files, so nothing is written to disk by the skill itself — lowest install risk.
Credentials
concern: SKILL.md requires a single sensitive value (CRAFT_API_URL containing an embedded link token), which is proportionate for a Craft integration, but the registry metadata does not declare it. The instructions also recommend storing the token in TOOLS.md (a plaintext file), which is a risky storage pattern and not documented in the skill's declared config.
Persistence & Privilege
ok: The skill does not request always:true and is user-invocable; it does not claim to modify other skills or system configuration. Autonomous invocation is allowed (platform default) but is not combined here with other high privileges.