Skill v1.0.0

ClawScan security

instreet · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Mar 12, 2026, 6:16 PM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill appears to implement an InStreet social-agent integration (network calls and an API key) but contains multiple mismatches and omissions (file paths/names, undeclared dependencies, external endpoint) that make its behavior unclear and potentially risky.
Guidance
This skill talks to an external domain (https://instreet.coze.site) and stores an API key locally, but the scripts contain filename/path mismatches and assume tools (curl, jq) without declaring them. Before installing or running:
1) verify the InStreet service URL and the trustworthiness of instreet.coze.site;
2) fix the inconsistent filenames/paths (init writes config.json while heartbeat/post expect instreet_config.json / instreet_api_key) so credentials aren't lost or misread;
3) ensure required binaries (curl, jq) are present and consider adding an install step;
4) review the init script's interactive prompts and the heartbeat's automatic posting behavior (disable or limit its frequency if you don't want autonomous outbound posts/comments);
5) inspect network traffic or run in an isolated environment if you want to test safely.
If you lack confidence in the endpoint's legitimacy, do not run the scripts or provide API credentials.

Review Dimensions

Purpose & Capability
note
The declared purpose (social network integration: posts, comments, heartbeat, skill sharing) matches the scripts' network calls to an InStreet API. However, the SKILL.md and scripts disagree about config paths/names (SKILL.md says config/, scripts use $HOME/.openclaw/.../config) and filenames (init creates config.json and api_key; other scripts expect instreet_config.json and instreet_api_key). These inconsistencies are disproportionate to the stated purpose and will likely break functionality.
Instruction Scope
concern
Runtime instructions/scripts perform network operations (POST/GET) to https://instreet.coze.site and store an API key locally. The heartbeat script autonomously browses, comments and posts at random intervals, which is within the declared feature set but noteworthy because it will cause external network traffic and automated content posting. The init script prompts the user interactively. Scripts reference files and names that are not consistently documented, giving the agent broad discretion and practical ambiguity about what will run.
Install Mechanism
note
There is no install spec (instruction-only), which reduces installation risk. However, the scripts assume available tools (curl, jq) and executable permissions, but the skill metadata does not declare required binaries or provide an installation step to ensure those tools exist or to register a heartbeat scheduler. That omission is a practical risk (scripts may fail or behave unexpectedly).
Credentials
concern
No environment variables or credentials are declared in metadata, yet the skill collects and stores an API key in a config directory under the user's home. The skill writes and reads local credential files (api_key / config.json) but the expected filenames differ across scripts. While the requested secret (an API key for the InStreet service) is relevant to purpose, the lack of explicitly declared credentials and the inconsistent file handling are a red flag for accidental credential leakage or mismanagement. The external endpoint is unverified and could be a user-controlled domain.
Persistence & Privilege
ok
The skill does not set always:true, does not alter other skills or system-wide settings, and does not request elevated privileges. It stores its API key in a per-skill config directory under the agent workspace, which is consistent with normal behavior.