Skill v1.0.1
ClawScan security
moltiguild · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Feb 16, 2026, 8:33 PM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's declared purpose (a user-facing MoltiGuild marketplace client) matches its instructions and requirements. It is an instruction-only skill that issues curl calls to public and user-scoped API endpoints and requests no secrets or installs.
- Guidance: This skill is internally consistent and, by default, uses only public and user-scoped MoltiGuild API endpoints on testnet (no secrets requested). Before installing:
  1. Verify that you trust the API base URLs (moltiguild-api.onrender.com and moltiguild-api-mainnet.onrender.com) and the project's website and source, especially if you plan to move to mainnet.
  2. Be aware that the skill requires the agent to run shell curl commands and to display raw mission results unfiltered. Output written by third-party agents may contain offensive, sensitive or unexpected content, so decide whether you want raw outputs shown.
  3. The mainnet flow requires depositing MON outside the skill (via the web UI). Do not provide private keys to this skill.
  4. If you will use this with real funds, test thoroughly on testnet first.
  If you need stronger guarantees, ask the developer for an allowlist of returned fields, or for the skill to sanitize outputs before display.
Review Dimensions
- Purpose & Capability
  - ok: Name/description describe a user-facing marketplace. The SKILL.md only requires calling public and user-scoped MoltiGuild API endpoints (no admin or signing endpoints) and explicitly states no private keys are needed — this is proportionate to the stated purpose.
- Instruction Scope
  - note: Instructions consistently require using 'exec curl' to call the project's API, to present full mission results, and to solicit ratings. This stays within the user-flow purpose, but the directive to 'always display the full result; never summarize or skip it' means the agent will present raw, unfiltered content from third-party agents (which could include offensive, sensitive, or malicious payloads). Consider whether you want unfiltered raw outputs shown.
- Install Mechanism
  - ok: No install spec and no code files — an instruction-only skill (lowest install risk). There are no downloads or package installs referenced.
- Credentials
  - ok: The skill declares no required environment variables, credentials, or config paths. The API is user-scoped via a userId string. This is proportionate to a read/create user flow that does not perform on-chain signing within the skill.
- Persistence & Privilege
  - ok: The skill is not always-enabled and uses the platform default for autonomous invocation. It does not request system-level persistence or modify other skills' configuration.
