Skillv1.0.1

ClawScan security

mia · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousApr 5, 2026, 5:38 PM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary: The skill's code implements a memory/planner/feedback system as described, but the declared required environment variables and metadata are overly broad/mismatched and there are code-quality issues (including an undefined function) that make its behavior unclear.
Guidance: What to check before installing: - The skill will read/write plain JSONL files (memory and feedback) under its directories by default; review and control the file paths (MIA_MEMORY_FILE, MIA_FEEDBACK_FILE) and file permissions to avoid accidental storage of sensitive data. - The metadata in the registry marks MIA_PLANNER_API_KEY and other planner vars as required, but the code only needs the API key when MIA_PLANNER_MODE=api. If you don't want to provide an external API key, set MIA_PLANNER_MODE=local and configure MIA_PLANNER_URL to a local model. Don't provide cloud API keys unless you intend to use api mode. - There are duplicated files and a coding bug: memory code calls extractPattern() which is not defined. This indicates the package may be untested and could throw runtime errors or behave unexpectedly. Consider reviewing the code locally and running in an isolated/test environment first. - npm install will fetch node-fetch from the public npm registry (standard dependency) — run installs in a controlled environment if you are cautious about third-party packages. - If you plan to use this skill in production, inspect the code, run it in a sandbox, and consider encrypting or restricting access to memory/feedback files. If you need help verifying the undefined function or cleaning up the metadata, get a developer to audit/fix those issues before trusting persistent data or production API keys.

Review Dimensions

Purpose & Capability: noteName/description (memory, planner, feedback) align with the included code files (memory/, planner/, feedback/) and the required binary (node). The planner contacting an LLM API is expected. However the registry metadata marks many env vars as required (including MIA_PLANNER_API_KEY, MIA_PLANNER_URL, MIA_PLANNER_MODEL) even though the SKILL.md and code show the API key is only needed when MIA_PLANNER_MODE=api and local mode is supported. This mismatch is disproportionate to the stated purpose.
Instruction Scope: noteRuntime instructions and provided SKILL.md limit actions to: calling the planner (local or API), reading/writing JSONL files for memory and feedback, and generating plans. The skill will read/write files under its own directories (memory.jsonl, feedback.jsonl) — this is expected but should be noted. There are no instructions to read unrelated system files or environment variables beyond the declared ones. One functional issue: the memory code references an extractPattern() function that is not defined, which could cause runtime errors and unpredictable behavior in similarity calculation.
Install Mechanism: noteThere is no formal install spec in the registry (instruction-only), but package.json and SKILL.md instruct running npm install (which will pull node-fetch from npm). This is common for Node-based skills; risk is moderate and standard (no external arbitrary downloads or obscure URLs).
Credentials: concernThe skill metadata lists many required env vars unconditionally: MIA_PLANNER_API_KEY, MIA_PLANNER_URL, MIA_PLANNER_MODEL, etc. In code and SKILL.md the API key is only required when MIA_PLANNER_MODE=api (local mode does not require it). Declaring the API key and URL as always required is disproportionate. Also the skill will store data in files whose paths are configurable via env vars (MIA_MEMORY_FILE, MIA_FEEDBACK_FILE) — these are reasonable but the metadata labeling them 'required' without clarifying defaults is misleading. Primary credential set to MIA_PLANNER_API_KEY is reasonable for api mode but should not be mandatory for local usage.
Persistence & Privilege: okThe skill does not request always:true and does not modify other skills or system-wide settings. It persists data only to its own memory/feedback JSONL files (configurable paths). That persistence is normal for a memory skill but users should be aware that stored memories/feedback are plaintext JSONL files and could contain sensitive content if the agent stores such data.