Skill v1.0.0
ClawScan security
Spacex · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Feb 11, 2026, 8:58 AM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's stated purpose (SpaceX lookup) matches the requested binaries and API usage, but there are inconsistencies and a prompt-injection signal that warrant caution before installing or running it.
- Guidance: This skill's purpose and required tools look reasonable for a SpaceX CLI, but do not install or run it blindly. Key concerns: (1) the package lacks the ./spacex script the agent is instructed to run—verify the repository actually provides that executable; (2) README clone URL and declared homepage differ—confirm the correct, trusted source; (3) SKILL.md contains unicode-control characters (possible prompt-injection/obfuscation) — open the file in a hex/clean-text viewer or remove control chars before use. If you install, inspect the cloned files to ensure there are no unexpected scripts, and run networked components in a sandbox or VM if you want extra safety. Provide the actual script or a trusted upstream release URL to raise confidence.
- Findings:
  - [unicode-control-chars] unexpected: Hidden/Unicode control characters in SKILL.md are not expected for a simple CLI instruction file and can be used for prompt-injection or to obfuscate content. This should be examined/cleaned before trusting the text.
Review Dimensions
- Purpose & Capability (note): Name/description, required binaries (bash, curl, jq), and API usage (api.spacexdata.com) align with a SpaceX lookup CLI. However, the README suggests cloning a different repo (jeffaf/spacex-skill) while the homepage points at the SpaceX-API repo, which is inconsistent.
- Instruction Scope (concern): Runtime instructions tell the agent to run a wrapper script at {skill_folder}/spacex (./spacex launches ...), but this package contains only README.md and SKILL.md—no script files are present. That mismatch means the instructions assume an executable that isn't provided here. SKILL.md otherwise limits actions to calling the public SpaceX API, but the pre-scan found unicode-control-chars (prompt-injection) in the SKILL.md, which is suspicious and could hide or manipulate content.
- Install Mechanism (note): There is no install spec (instruction-only), which is low risk. But the README suggests cloning a third-party GitHub repo (https://github.com/jeffaf/spacex-skill.git) that's different from the declared homepage; downloading/cloning external repos should be verified before running.
- Credentials (ok): The skill does not request any environment variables, credentials, or config paths—this is proportional for a public API lookup tool that requires no auth.
- Persistence & Privilege (ok): always is false and the skill does not request elevated persistence or to modify other skills; default autonomous invocation is allowed (platform default) and is not by itself a red flag.
