Skill v1.0.0

ClawScan security

Agent News Digest · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Mar 7, 2026, 1:40 PM
Verdict: suspicious
Confidence: high
Model: gpt-5-mini
Summary
The code and README clearly require multiple LLM and search API keys and an npm install, but the registry metadata lists no required environment variables or install steps — this mismatch and a few implementation choices (explicit .env loading, debug prints, strict LLM system prompts) are concerning and deserve review before running.
Guidance
What to consider before installing/running:
- Metadata mismatch: The registry lists no required environment variables or install steps, but the package includes package.json/package-lock and the README says to create a .env and run npm install. Treat the skill as code you must install and run (not an instruction-only skill).
- Required secrets: The program expects API keys for Tavily (web search) and one or more LLM providers (Groq/GROQ_API_KEY, Anthropic/ANTHROPIC_API_KEY, Google/GOOGLE_API_KEY). Provide only keys with minimal permissions and consider using limited/throwaway keys for testing.
- Review .env: The code explicitly reads ../.env; inspect that file for secrets before running. Run in an isolated environment (container) until you are confident.
- Network calls: The agent will call external APIs (Tavily, Groq/Groq API base, Anthropic, Google). If you need to audit traffic, run it in a network-restricted environment or with logging/proxy to monitor endpoints.
- Logging/privacy: The code prints debug messages about whether keys are present. Consider removing or reducing debug logging to avoid leaking environment state in shared logs.
- Prompt behavior: The analyzer enforces strict system prompts that require pure JSON output. This is expected for parsing but can fail or produce unexpected output; validate parsed JSON and handle failures safely.
- Next steps: If you plan to use this skill, ask the publisher to update registry metadata to declare required env vars and install steps, audit package.json dependencies, and consider running npm install/build in a sandbox (or review and build the code yourself) before providing real API keys.
Findings
[system-prompt-override] expected: The analyzer builds a system prompt that forces the model to return pure JSON (no extra text or code blocks). For parsing, this is an expected pattern, but regex scanners flag it because such prompts can be used to attempt system-level instruction overrides. Review prompt usage carefully and validate outputs before trusting them.

Review Dimensions

Purpose & Capability
concern: The stated purpose (keyword-based news collection and 3-line summaries) matches the code: it performs web search (Tavily) and LLM summarization (Groq/Llama, plus adapters for Anthropic and Gemini). However, the registry metadata declares no required env vars or install steps while the code and README clearly require multiple API keys (GROQ_API_KEY, TAVILY_API_KEY, ANTHROPIC_API_KEY, GOOGLE_API_KEY etc.) and npm install. That omission is an incoherence: someone building this feature legitimately needs those keys and dependencies, so the registry should list them.
Instruction Scope
concern: SKILL.md and the source instruct the agent to load a local .env file and call external services (Tavily search and various LLM providers). The code explicitly loads ../.env (dotenv) and logs the presence of API keys; the analyzer enforces a strict system prompt asking the LLM to output only JSON. Reading a local .env and calling external APIs is consistent with the purpose, but direct .env loading and the aggressive system-prompt requirement are notable scope/safety choices and should be reviewed.
Install Mechanism
concern: The registry listed 'No install spec — instruction-only', but the package.json and package-lock.json are present and README instructs 'npm install' and 'npm start'. That mismatch is problematic. The install itself would pull npm packages from the public registry (@anthropic-ai/sdk, @google/generative-ai, openai, dotenv) — expected for LLM integration but not risk-free. There are no suspicious external download URLs or extracted archives, but the missing install declaration is an operational inconsistency.
Credentials
concern: Although registry metadata claims no required env vars, the code expects multiple service API keys (GROQ_API_KEY, TAVILY_API_KEY, ANTHROPIC_API_KEY, GOOGLE_API_KEY and possibly LLM_PROVIDER). The README also instructs creating a .env. The code prints debug lines about whether keys are loaded (not the keys themselves), which is minor but could leak presence/absence information in logs. Requiring these keys is proportionate to a news+LLM agent, but the skill should have declared them explicitly in metadata and avoided verbose debug output.
Persistence & Privilege
ok: The skill does not request 'always: true' and uses normal agent invocation. It does not modify other skills or system-wide settings. No suspicious persistence or elevated privileges are requested.