Skillv1.0.0

ClawScan security

Oblien workspace runtime · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousMar 4, 2026, 7:50 PM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary: The SKILL.md documents a high‑privilege Oblien workspace Internal API (read/write any file, run commands, open terminals) and references credentials in examples even though the skill declares no required env vars and has no listed source — coherent with its stated purpose but potentially risky and inconsistent in places.
Guidance: This skill is a documentation-style runtime reference for a high-privilege Oblien workspace API. Before installing or enabling it, consider: 1) Source trust — the skill lists no homepage or publisher identity; prefer skills from known/trusted providers. 2) Secrets handling — the SKILL.md uses client_id/client_secret and JWT examples but the registry declares no required env vars; confirm how credentials will be provided and ensure tokens are not leaked. 3) Privileged actions — the API can read/write any file and execute commands; only allow use if you trust the calling agent and have logging/auditing in place. 4) Network exposure — gateway vs direct tokens and public_access settings affect exposure; verify network config. If you want to proceed, ask the publisher for provenance (homepage, repo), clarify which credentials are required, and restrict token scopes and workspace network settings. If you cannot verify the source or secret handling, do not enable autonomous use of this skill.

Review Dimensions

Purpose & Capability: okThe name and description match the instructions: the document is a runtime reference for an Oblien workspace internal API (file access, exec, terminal, watcher). The capabilities described align with the stated purpose of describing the workspace runtime.
Instruction Scope: concernThe document explicitly instructs agents about an Internal API that can read/write any filesystem path, execute arbitrary commands, open interactive PTYs, and stream output — powerful operations that go beyond typical lightweight helper skills. The SKILL.md includes example snippets referencing environment variables (e.g., OBLIEN_CLIENT_ID, OBLIEN_CLIENT_SECRET, GATEWAY_JWT) and command examples even though the skill metadata lists no required env vars; the instructions therefore reference secrets/variables not declared in the registry metadata.
Install Mechanism: okInstruction-only skill with no install spec and no code files. This lowers the disk/write risk because nothing is downloaded or executed by an installer, but the runtime instructions still describe powerful remote APIs the agent may call.
Credentials: concernThe SKILL.md shows and encourages use of sensitive credentials and tokens (client ID/secret, gateway JWT, raw tokens) but the registry entry declares no required environment variables or primary credential. That mismatch reduces clarity about what secrets the skill actually needs and how they should be provided. The documented Internal API also permits reading arbitrary files (which may include system or user secrets) — a high privilege surface that should be justified and protected.
Persistence & Privilege: noteThe skill is not forced always:true and is user-invocable, which is appropriate. However, because the runtime describes an API that grants broad filesystem and command execution capability, autonomous invocation (the default) increases the risk if the skill is allowed to run without additional safeguards. There is no indication the skill modifies other skills or agent configs.