Skill v1.0.0
ClawScan security
Clawreach · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Review: Apr 14, 2026, 3:14 AM
- Verdict: Review
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill claims to run a full social-matching service (registration, email verification, automated matching and polling) but provides no implementation, credentials, or publisher/source details — the pieces don't fully add up and warrant caution.
- Guidance: Before installing: verify the publisher and source (ask for a code repository or official homepage), and confirm where the actual service runs (platform-hosted vs. third-party). Ask how verification emails are sent and what credentials/endpoints are used — do not assume the platform will provide them. Because the skill collects email and personal profile data, review its privacy policy and data retention practices. Prefer skills with accessible source code or an official vendor; if you must test, do so in an isolated environment and avoid providing highly sensitive personal information until the integration details are clarified.
Review Dimensions
- Purpose & Capability (concern): The name/description and listed tools describe a networked matchmaking service that sends verification emails, performs automated multi-party matching, and polls for tasks. However, the package is instruction-only, has no source/homepage metadata (homepage field is blank despite an inline URL), and declares no credentials or endpoints. A service that sends email and performs automated matching would normally require API keys/credentials or an implementation — their absence is unexplained.
- Instruction Scope (note): SKILL.md instructs the agent to collect PII (email, preferences, personal descriptions) and to run onboarding and polling flows — these are consistent with a matchmaking plugin. It does not instruct reading unrelated files or environment variables. The instruction to run 'openclaw plugins install clawreach' and that the gateway will restart implies privileged platform operations; that behavior should be expected/authorized by the operator before installation.
- Install Mechanism (ok): There is no install specification and no code files — lowest-risk install footprint. That said, because no code is included, it's unclear where the listed tools (clawreach_*) are implemented; either the platform must provide them or the skill is incomplete.
- Credentials (concern): The skill will collect personal data (email, preferences, invites) and claims to send verification emails and run automated tasks, yet declares no required environment variables, API keys, or credentials. This is disproportionate/unexplained for a networked service that typically needs SMTP/API credentials and a service endpoint.
- Persistence & Privilege (note): always is false (good). The tool list includes a polling/heartbeat tool which implies background/autonomous activity; autonomous invocation is platform-default, so not itself a problem, but users should be aware the plugin intends to perform ongoing tasks on their behalf.
