Skill v0.1.0
ClawScan security
LLM Signal GEO Analyst · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 7, 2026, 12:40 AM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's files, env requirements, and runtime instructions are coherent with its stated purpose (calling LLM Signal agent plan/status endpoints), though there are a few operational privacy risks to be aware of.
- Guidance: This package appears to do what it says: call your LLM Signal endpoints and return action plans. Before installing, consider the following:
  - (1) The scripts embed your API key in the JSON payload and in the curl command, which means the key (and any persisted run history) may be stored on the remote service and the key could be exposed in local process lists or shell history. Prefer sending only an authentication header and avoid including the key in request bodies if the service accepts header auth.
  - (2) Avoid running these scripts on multi-tenant/shared hosts where process args are visible, or use safer calling patterns (e.g., pass JSON on stdin or use .netrc/token files) to avoid command-line leakage.
  - (3) Confirm what 'persist=true' stores on the vendor side; if it stores full payloads, do not include secrets in those payloads.
  - (4) Use a least-privilege/rotatable API key for LLMSIGNAL, and rotate it if you decide to remove the skill.

  These are operational hygiene items; the skill's requested resources are otherwise consistent with its stated purpose.
- Findings: [pre-scan-injection-signals] expected: No pre-scan injection signals detected. This is expected for a small instruction+script package.
Review Dimensions
- Purpose & Capability (ok): Name/description match the requested resources: the skill talks to LLM Signal agent endpoints and requires LLMSIGNAL_BASE_URL, LLMSIGNAL_SITE_ID, and LLMSIGNAL_API_KEY and curl/bash/sh to run the included scripts. Required binaries and env vars are proportional to the declared purpose.
- Instruction Scope (note): SKILL.md and prompts direct the agent to call /api/agent/v1/plan and /api/agent/v1/status and to persist runs. The instructions do not request unrelated files or credentials. Two operational issues: (1) the templates and scripts include the API key in the JSON body (and also send it as a header), and (2) executing curl with the API key embedded in the command line can expose the key in process lists or shell history. Both are scope-consistent but increase secret exposure risk.
- Install Mechanism (ok): No install spec is present (instruction-only + bundled scripts). No downloads or external install sources are used, which minimizes supply-chain risk.
- Credentials (note): The declared environment variables are strictly the service base URL, site id, and API key, which is appropriate for an API-integration skill. However, the API key is duplicated into the request body and sent with persist=true, which means the key (and run content) may be stored on the remote service; this increases exposure beyond typical header-only authentication and should be justified or removed.
- Persistence & Privilege (ok): 'always' is false and the skill is user-invocable. Persisting run history is a declared behavior (persist=true) that applies to the remote service; the skill does not request elevated platform privileges or modify other skills' configs.
