Skill v0.5.3
ClawScan security
Daily Dev Agentic · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Feb 13, 2026, 11:59 AM
- Verdict
- suspicious
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- The skill is mostly coherent for managing a daily.dev feed, but it explicitly instructs fully autonomous behaviour (no confirmations), schedules cron jobs, and will fetch and store external content — these autonomy and sharing details are potentially risky and deserve review before install.
- Guidance
- This skill is coherent with its daily.dev purpose, but it asks the agent to operate fully autonomously (create feeds, follow tags, fetch and store articles, and share findings) without confirmations. Before installing: 1) Confirm how 'share with owner' will be delivered (chat message, email, external API) and whether you’re comfortable with that channel. 2) Use a least-privileged or revocable DAILY_DEV_TOKEN and check daily.dev logs for activity. 3) Consider requiring manual approval for actions that change feeds/tags or send alerts. 4) Review where the skill will store memory/notes (filesystem or service) and whether that may expose sensitive context. 5) If you want safer behavior, ask the skill author to make follow/unfollow, feed creation, and sharing explicit approvals (or add a confirmation step) and to document exactly where alerts go. If unsure, run in a sandboxed environment and monitor API usage before granting broad access.
Review Dimensions
- Purpose & Capability
- ok: Name, description, and required credential (DAILY_DEV_TOKEN) align with using the daily.dev API. No unrelated env vars or binaries are requested.
- Instruction Scope
- concern: SKILL.md tells the agent to run entirely autonomously ('No confirmations. No hand-holding.'), create and configure feeds, follow/unfollow tags, fetch full articles (web_fetch) from arbitrary URLs, and write persistent notes to memory/. It does not specify how 'sharing with owner' is performed. The autonomy plus network fetches and persistent writes increase the chance of unexpected actions or data exposure.
- Install Mechanism
- ok: No install spec or code is included (instruction-only), so nothing is downloaded or written to disk by the skill installer itself — low install risk.
- Credentials
- note: Only DAILY_DEV_TOKEN is required, which is appropriate. The README warns not to send the token outside api.daily.dev. Confirm the token scope/permissions (use the least-privileged token possible) and verify daily.dev offers token revocation/logging.
- Persistence & Privilege
- concern: always:false (not force-included), but the skill explicitly directs the agent to schedule crons, update memory files, and run without owner confirmations. Autonomous invocation combined with unsupervised changes to memory and automatic sharing increases the blast radius of any misconfiguration or misuse.
