Skill v1.0.0
ClawScan security
Backend Developer · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Feb 11, 2026, 9:29 AM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The package appears to be an AI-powered email-sending agent, but the bundle is incomplete and has mismatches (missing tool/code, undeclared credentials, and no trustworthy metadata), so proceed with caution.
- Guidance: This package claims to be an email-sending agent, but the bundle is incomplete and metadata is sparse: key modules (EmailTool, DTOs, message templates) are missing and required credentials (OpenAI API key and likely SMTP/email provider credentials) are not declared. Before installing or enabling it:
  1. Ask the publisher for the missing files and a clear description of what credentials are required and why.
  2. Review the implementation of the send_email.tool and any email/SMTP integration to ensure it won't send messages without explicit approval.
  3. Require explicit environment-variable documentation (including OpenAI API key usage) and check where any credentials would be sent or stored.
  4. Prefer packages with a homepage, repository, or known publisher.
  5. If you must test, run it in a restricted/sandboxed environment and do not provide real credentials until you’ve reviewed the missing code.
  The inconsistencies make this suspicious rather than clearly benign.
Review Dimensions
- Purpose & Capability (concern): The skill bundle's name is 'Backend Developer' and no description/homepage is provided, but the README and code implement an EmailAgent. This naming/metadata mismatch is confusing. The code imports an EmailTool, DTOs, and message constants from relative paths that are not included in the package, so the included file alone cannot perform the stated email-sending function.
- Instruction Scope (concern): SKILL.md describes an EmailAgent with human-in-the-loop approval before sending, and the code enforces a middleware interrupt for EmailTool. The instructions do not request unrelated data. However, the runtime instructions and code rely on external modules (send_email.tool, dto, messages) that are absent from the bundle, so actual behavior is undefined and could change depending on the missing implementations.
- Install Mechanism (ok): There is no install specification (instruction-only + one code file). That minimizes installer-level risk because nothing is downloaded or extracted by the skill installer.
- Credentials (concern): SKILL.md documents an OPENAI_MODEL env var, but the package manifest declares no required environment variables. The code constructs a ChatOpenAI instance, which in practice requires OpenAI credentials (e.g., OPENAI_API_KEY), but that credential is not declared. Additionally, sending email normally requires SMTP/integration credentials (not declared). The skill asks for no credentials yet can't function without at least an OpenAI API key and likely email provider credentials — a mismatch that should be clarified.
- Persistence & Privilege (ok): The skill does not request always:true and uses default autonomous invocation settings (disable-model-invocation: false). Autonomous invocation plus the ability to send emails is a potential risk if the skill actually has send capability, but on its own the persistence/privilege settings are normal.
