Skill v1.0.0

ClawScan security

Harrypotter · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Feb 11, 2026, 8:58 AM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill's stated purpose (querying the HP-API) and required tools (bash, curl, jq) align, but the package is missing the referenced wrapper script and the README instructs you to git-clone a third-party repo, forcing an external code download, which is a supply-chain risk.
Guidance
This skill appears to do what it says (query the public HP-API) and does not request any secrets — that part is fine. However, the published package is incomplete: SKILL.md and README expect a local wrapper script (scripts/harrypotter) that is not included. The README instructs you to git-clone a GitHub repo (https://github.com/jeffaf/harrypotter-skill) and make scripts executable. Before installing or running anything, inspect that remote repository and the exact script contents — do not blindly run chmod +x and execute downloaded scripts. Also note the registry owner (kn754...) does not match the GitHub username in README; ask the publisher to either include the wrapper script in the package or provide an explicit, verifiable install spec (signed release, checksum, or official release URL). If you want a lower-risk option, request that the skill include inline curl/jq examples or an internal instruction-only wrapper so no external code download is required.

Review Dimensions

Purpose & Capability
note: The name/description (Harry Potter CLI using HP-API) aligns with the declared requirements (bash, curl, jq) and no credentials are requested; that's coherent. However, the SKILL.md and Agent Implementation Notes reference a local wrapper script at {skill_folder}/harrypotter and scripts/harrypotter, but this package contains only README.md and SKILL.md (no scripts). That mismatch means the published skill cannot run as described without fetching additional code.
Instruction Scope
concern: Runtime instructions tell the agent to run a local executable (./harrypotter ...). The SKILL.md does not include the actual script or explicit curl commands, so the agent would either fail or be prompted to obtain/run external code. The README suggests running git clone and chmod on scripts/harrypotter, instructions that involve downloading and executing third-party code not included in the package.
Install Mechanism
concern: There is no formal install spec in the registry package. The README contains manual install steps that require git-cloning https://github.com/jeffaf/harrypotter-skill and making scripts executable; that means installing arbitrary code from an external repository (and the registry owner ID differs from the GitHub username in README). Because the package as published omits the scripts, using the skill will push users toward an out-of-band code download, which is a higher-risk install pattern.
Credentials
ok: No environment variables or credentials are requested. This is proportionate to the stated purpose (public HP-API with no auth).
Persistence & Privilege
ok: always is false and there are no indications that the skill attempts to persistently modify agent/system configuration. Autonomous invocation is allowed but that is the platform default and not itself a red flag here.