Skillv1.0.3

ClawScan security

Al Music Generation · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

BenignMar 20, 2026, 6:52 AM

Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary: The skill's requirements and runtime instructions are coherent with its stated purpose (discovering and invoking ShortAPI music models); it only asks for a ShortAPI API key and has no install-time code, but there are a few small documentation/instruction inconsistencies you should be aware of before installing.
Guidance: This skill appears to do what it says: it fetches per-model schemas from ShortAPI and submits jobs using your SHORTAPI_KEY, then polls the ShortAPI job status. Before installing: (1) Confirm you trust shortapi.ai (the skill will send your SHORTAPI_KEY to their API endpoints); (2) note the small domain inconsistency (skill docs fetched from shortapi.ai vs. API at api.shortapi.ai) — verify both domains are legitimate for the vendor; (3) the agent will autonomously poll the status endpoint for up to 5 minutes (network activity may occur after the initial response); if you need to restrict autonomous network behavior, disable model invocation or avoid installing; (4) do not provide other secrets to the skill and avoid using an overly-privileged key; (5) if you plan to use callback_url, ensure you provide a safe, trusted URL because the skill will include it in requests. If you want more assurance, test the skill with a throwaway/limited ShortAPI key and monitor network requests during an early run.

Review Dimensions

Purpose & Capability: okThe skill claims to discover and fetch model integration parameters for ShortAPI music models and the SKILL.md only describes calls to shortapi.ai / api.shortapi.ai and use of a SHORTAPI_KEY. Requesting a single SHORTAPI_KEY is proportional to the described functionality (creating jobs, querying status). There is no unrelated credential or binary requested.
Instruction Scope: noteThe instructions are explicit about fetching per-model schema docs (GET https://shortapi.ai/api/skill/<model_id>), constructing a POST to https://api.shortapi.ai/api/v1/job/create using Authorization: Bearer $SHORTAPI_KEY, and polling the job status. These actions are within the claimed scope. Two small inconsistencies: the doc claims 'only communicates with https://api.shortapi.ai' but earlier steps use https://shortapi.ai for the skill document (different subdomain), and the skill mandates the agent 'continue to poll the status endpoint in the background silently' for up to 5 minutes — this means the agent will autonomously make network requests after initial invocation (not malicious per se, but important for users to know).
Install Mechanism: okInstruction-only skill with no install spec and no code files. Nothing is written to disk or downloaded at install time, which is the lowest-risk install posture.
Credentials: okOnly a single environment variable (SHORTAPI_KEY) is required; this is consistent with an API-key-based integration. No unrelated secrets, config paths, or broad credential requests are present. (Registry metadata lists no primary credential but the SKILL.md declares SHORTAPI_KEY — functionally coherent.)
Persistence & Privilege: noteThe skill does not request always:true and uses normal autonomous invocation. However, it requires continued background polling (up to 5 minutes) and storing job_id/polling state in conversation context — this grants the skill the ability to initiate and continue network activity after the initial user request. That's expected for asynchronous job polling but is noteworthy for users who want to limit autonomous network activity.