Skill v0.1.0

ClawScan security

Powerdrill Data Analysis · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious (Feb 11, 2026, 9:03 AM)
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill's code and instructions match its stated Powerdrill data-analysis purpose, but the package metadata fails to declare required credentials (and the skill will read local files and upload them), which is an incoherence you should understand before installing.
Guidance
This package implements a Powerdrill client and will upload files you point it at to https://ai.data.cloud/api and perform dataset/session/job operations — that matches its description. Before installing, verify the source and trustworthiness (there's no homepage and the owner is unknown). Important specifics:
- The code requires POWERDRILL_USER_ID and POWERDRILL_PROJECT_API_KEY, but the skill metadata does not declare those env vars; confirm where you will store/provide the API key and that the publisher is trustworthy.
- The client will read local files you specify and upload them to remote upload URLs returned by the API. Do not use it with sensitive or confidential data unless you trust the Powerdrill service and the skill's provenance.
- The client will call sys.exit if credentials are missing — this may terminate an agent process unexpectedly.
If you still want to proceed: obtain the API key from a trusted source, set the two environment variables before running, and review the full script locally. If provenance is unclear, prefer obtaining an official SDK or using Powerdrill's documented endpoints directly.

Review Dimensions

Purpose & Capability
ok: The name/description, SKILL.md, README, and the included Python client all consistently implement Powerdrill dataset, upload, session, and job operations against https://ai.data.cloud/api. The requested capabilities line up with the stated purpose.
Instruction Scope
note: Runtime instructions and the client instruct the agent to read local files (upload_local_file), poll dataset status, create/delete datasets and sessions, and post multipart uploads to URLs returned by the API. Those actions are expected for a data-upload/analysis skill, but they do involve reading arbitrary local files you point it at and sending them to an external service (Powerdrill). The client also calls sys.exit when required env vars are missing, which may terminate an agent process unexpectedly.
Install Mechanism
ok: No install spec is provided (instruction-only + a bundled Python client). Only an ordinary Python dependency ('requests') is required per the README/SKILL.md. No downloads from untrusted URLs or archive extraction are present.
Credentials
concern: The SKILL.md and client require two environment variables (POWERDRILL_USER_ID and POWERDRILL_PROJECT_API_KEY) to authenticate with Powerdrill, and the client reads them at runtime. However, the registry metadata included with the skill lists no required environment variables or primary credential — this metadata omission is an incoherence and a security-relevant gap. The credential scope itself is proportional (just the service API key + user id), but it is not declared where one would expect it to be.
Persistence & Privilege
ok: The skill does not request always:true, does not modify other skills or system-wide agent settings in the visible files, and is user-invocable. It does perform network calls to the Powerdrill API as expected; autonomous invocation is allowed by default but is not in itself a new red flag here.