Skill v1.0.3
ClawScan security
AI Image Generation · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 20, 2026, 6:54 AM
- Verdict: benign
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's requirements and instructions are generally consistent with a ShortAPI image-generation integrator and only ask for a ShortAPI API key, but there are a few inconsistencies and an incomplete/truncated instruction that warrant caution before installing.
- Guidance: This skill appears to do what it says: it helps discover model-specific schemas on ShortAPI and submit image-generation jobs using your SHORTAPI_KEY. Before installing, consider the following: (1) confirm you trust shortapi.ai and that the key you provide has only the minimal permissions you need, because the key will be sent as a Bearer token to ShortAPI endpoints; (2) note the SKILL.md is truncated in the package — ask the publisher for the full instructions so you can verify there are no additional behaviors; (3) the documentation asks the agent to fetch Markdown schemas from a second hostname (shortapi.ai) even though the security section claims only api.shortapi.ai is contacted — ask the author to resolve this inconsistency; (4) remote Markdown parsing is required by the skill and could expose the agent to unexpected content, so ensure any agent behavior that executes or interprets fetched content is sandboxed or validated; and (5) consider treating the SHORTAPI_KEY as sensitive (store in a secret manager, scope the key) and test with a non-production key first.
Review Dimensions
- Purpose & Capability (ok): The skill claims to be a ShortAPI image-model integration helper, and the declared requirement (SHORTAPI_KEY) and endpoints (shortapi.ai / api.shortapi.ai) align with that purpose. No unrelated binaries, installs, or extra credentials are requested.
- Instruction Scope (concern): Most runtime instructions stay within the stated purpose (fetch model schema, build payload, POST to api.shortapi.ai). However: (1) the SKILL.md's 'Endpoint Isolation' claim (only contact https://api.shortapi.ai) contradicts Step 1, which requires GET requests to https://shortapi.ai/api/skill/<model_id> (a different hostname); (2) the SKILL.md provided to the evaluator is truncated (it ends with 'DO NOT ask for or …[truncated]'), leaving the final required behavior unspecified; (3) the skill requires the agent to fetch and parse remote Markdown schema documents — this is expected for the feature but is a runtime source of untrusted input (a vector for malformed or hostile content) and should be handled carefully.
- Install Mechanism (ok): Instruction-only skill with no install spec and no code files, so nothing is written to disk or automatically installed by the skill package itself.
- Credentials (note): Only SHORTAPI_KEY is required, which is proportionate to a service integrator. Minor metadata inconsistency: the registry metadata reported 'primary credential: none' even though SHORTAPI_KEY is the central credential for operation — the skill metadata should mark SHORTAPI_KEY as the primary credential to avoid confusion. The SKILL.md also states the key must never be leaked to callbacks; that is appropriate but not enforceable by metadata alone.
- Persistence & Privilege (ok): always:false, no installs, and no requests to modify other skills or system config. The skill does allow normal autonomous invocation (platform default) but does not request elevated persistent presence.
