Skill v2.3.0+5

ClawScan security

Latchkey · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign
Mar 6, 2026, 10:49 AM
Verdict: benign
Confidence: medium
Model: gpt-5-mini
Summary
The skill's requirements and instructions are internally consistent with a CLI wrapper that injects HTTP API credentials; the main risks are the usual ones for running an npm-installed CLI that holds API tokens and letting the agent issue arbitrary curl requests.
Guidance
This skill appears to be what it says: a wrapper around an npm 'latchkey' CLI that injects stored credentials into curl requests. Before installing or allowing the agent to use it:
1) Verify the npm package author, version, and checksum (review the package source code if possible).
2) Confirm where and how latchkey stores and encrypts credentials on disk; prefer local, encrypted storage and understand the backup/export behavior.
3) Limit autonomous use: require user confirmation before the agent issues curl requests that could modify resources (create/delete).
4) Avoid configuring broad or high-privilege API tokens in latchkey without restricting their scope.
5) If concerned, test the CLI in a sandboxed environment or container first.
These steps reduce supply-chain and credential-exfiltration risk.

Review Dimensions

Purpose & Capability
ok: The name/description (a generic HTTP-API helper) matches the declared requirement (a latchkey binary) and the install spec (npm latchkey). No unrelated env vars, binaries, or config paths are requested.
Instruction Scope
note: SKILL.md instructs the agent to use 'latchkey curl' as a transparent wrapper and to pass all curl args through. That is appropriate for the stated purpose, but it means the agent can cause arbitrary authenticated HTTP requests with whatever credentials the user has configured—so the agent should not be allowed to construct or run curl invocations without user review when sensitive actions are possible.
Install Mechanism
note: Install uses the public npm package 'latchkey' which is a reasonable distribution channel for a Node CLI. Npm packages carry supply-chain risk (malicious or vulnerable code); nothing in the manifest points to a forged/obscure download, but you should verify package provenance/version/signature before installation.
Credentials
ok: No environment variables or primary credentials are requested by the skill itself, which is proportionate. The tool manages API tokens locally per the instructions; that behavior is expected, though the SKILL.md's claim that credentials 'are never transmitted anywhere beyond the endpoints specified by the actual curl calls' is a trust assertion you cannot verify from the manifest alone.
Persistence & Privilege
ok: 'always' is false and the skill doesn't request persistent platform privileges or modify other skills. The agent may invoke the skill autonomously (default), which is normal; consider policy controls if you don't want autonomous HTTP actions.