Skill v0.1.0
ClawScan security
Synclaw · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Mar 20, 2026, 10:51 AM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's described workflow (building a profile from conversation history and sending it to a server) conflicts with its declared absence of network/config requirements and its claim that data stays local — the instructions are underspecified and could expose sensitive conversation data.
- Guidance: Do not install or enable this skill until the publisher clarifies key details. Ask for: (1) exact data flow — the server URL(s) and what is sent; (2) authentication and who controls the server; (3) a privacy policy and retention/deletion rules; (4) whether the skill truly requires access to your conversation history and explicit consent mechanisms; (5) an install manifest or source code you can audit. The SKILL.md currently contradicts itself (claims data stays local but also sends profiles to a server) and omits endpoints/credentials — this is a privacy risk. If you must try it, test with synthetic/non-sensitive data only and require explicit opt-in before any real conversation history or personal data is transmitted.
Review Dimensions
- Purpose & Capability (concern): The name/description (compatibility matching) is plausible, but the SKILL.md says the agent will build a 'deep psychological profile from your LLM conversation history' and 'send the profile to the SynClaw server' while the registry shows no network endpoints, no required credentials, and no install payload. Requiring access to full conversation history and an external matching server are not justified by the absence of any declared endpoints/credentials — mismatch between claimed behavior and declared requirements.
- Instruction Scope (concern): Runtime instructions explicitly direct the agent to read LLM conversation history (sensitive personal data) and to send the derived profile to a remote server. The SKILL.md provides no server endpoint, no authentication details, and no privacy/consent guidance. It also contains a direct contradiction ('profile is sent to the SynClaw server' vs 'Your data stays local. Always'). This is scope creep and a privacy risk.
- Install Mechanism (note): The skill is instruction-only with no install spec or code (lowest technical installation risk). However, the README suggests installation via 'clawhub install synclaw' despite there being no declared install manifest — this is misleading and should be clarified by the publisher.
- Credentials (concern): Registry metadata lists no required env vars/credentials, but the instructions imply network communication with an external SynClaw service. That external communication typically requires endpoints and credentials or at least a privacy policy; the absence of these is disproportionate and inconsistent with the stated actions. The agent would also need access to conversation history, which is sensitive and not declared in requirements.
- Persistence & Privilege (note): Flags show no elevated persistence (always: false) and normal autonomous invocation. The skill does not request persistent system changes in the manifest. Nonetheless, its runtime instructions would require the agent to read and possibly transmit sensitive local conversation data — a privacy/privilege concern even without persistent installation.
