Back to skill
Skillv1.0.9
ClawScan security
AI Content Engine · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
SuspiciousApr 21, 2026, 11:28 PM
- Verdict
- suspicious
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- The skill's declared required credentials (notably a WALLET_PRIVATE_KEY) and required-env listing are stronger than the instructions actually justify and ask for a highly sensitive secret; the rest of the skill is coherent with its stated purpose but these inconsistencies warrant caution.
- Guidance
- This skill appears to do what it says (MCP-based AI content generation) but has some credential handling inconsistencies you should clear up before installing: 1) Confirm whether WALLET_PRIVATE_KEY is truly required for your intended use — it should be OPTIONAL unless you plan to sign on-chain payments. 2) If you must provide a private key, use a dedicated, funded-limited agent wallet (not your main wallet) and verify how signing is prompted and approved. 3) Ask the publisher to change the registry metadata so optional credentials are not listed as required, and to document API key scopes and the process for social-media publishing (what tokens are needed and how they are supplied). 4) Prefer using prepaid brand tokens (API key) over providing a private key when possible. 5) If you proceed, test with minimal funds and limited-scope API keys, and monitor any on-chain activity closely. If the publisher cannot clarify these points, treat the skill as higher risk.
Review Dimensions
- Purpose & Capability
- noteName/description (AI video/image/script generation) aligns with the MCP endpoint and the listed tools. CONTENT_ENGINE_URL and CONTENT_ENGINE_API_KEY are reasonable for this purpose. However, the registry metadata marks WALLET_PRIVATE_KEY as a required env var while the SKILL.md clearly states that the private key is only needed when using per-call USDC payments (x402) — so the 'required' listing is overstated and inconsistent.
- Instruction Scope
- okThe SKILL.md stays within scope: it explains connecting to an MCP server, which tools require brand-scoped API keys, and how x402 payments are performed. The instructions explicitly require reading the declared env vars (URL, API key, and optionally a wallet key) to operate. It does not instruct the agent to read unrelated files or exfiltrate other data. One omission: publish_content implies posting to social platforms but the SKILL.md does not document how platform credentials are supplied or scoped.
- Install Mechanism
- okThis is instruction-only with no install spec and no code files — low installation risk. No downloads or package installs are specified.
- Credentials
- concernRequesting a WALLET_PRIVATE_KEY is high sensitivity but can be justified for signing x402 on-chain payments. The problem is that the registry lists WALLET_PRIVATE_KEY as required unconditionally, while SKILL.md describes it as needed only for per-call USDC payments (optional if you use prepaid tokens). Similarly, CONTENT_ENGINE_API_KEY is only necessary for brand-scoped operations, not for public pricing/quote tools. The skill also does not declare a primary credential and provides no guidance about API key scopes or minimum-privilege settings — increasing risk if users supply high-value keys or a primary wallet key.
- Persistence & Privilege
- okThe skill does not request always:true and does not modify other skills or system-wide settings. It can be invoked autonomously (default), which is normal, but combined with requested wallet access that could increase blast radius if misused. No persistent install footprint is declared.