Skill v1.0.0

ClawScan security

watchdog · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Mar 12, 2026, 9:52 AM
Verdict
suspicious
Confidence
high
Model
gpt-5-mini
Summary
The skill claims to integrate with Watch.dog but its registry metadata fails to declare the required API credentials and the runtime instructions tell the agent to write a .env and automatically run network tests when credentials are added — an incoherent combination that could lead to unexpected I/O and credential persistence/exposure.
Guidance
Key issues to consider before installing: (1) The skill will ask for your WATCHDOG_API_KEY and WATCHDOG_API_URL even though the registry metadata does not declare them — expect to provide a secret. (2) The skill's instructions tell the agent to automatically write that secret to a .env file in the skill folder and to immediately run a 'list_monitors' network call as a silent test; this will persist the key on disk and perform an outbound request without an extra explicit confirmation step. If you proceed, provide a least-privilege API key, run the skill in an isolated environment, inspect index.js yourself, and consider removing the saved .env afterward. Also prefer obtaining this skill from an official Watch.dog source or a verifiable homepage; the skill's source is 'unknown' which reduces trust. If you need stricter behavior (no automatic file writes or silent tests), ask the maintainer to remove/alter those instructions or modify the code so writes/tests happen only after explicit, visible confirmation.

Review Dimensions

Purpose & Capability
Concern: The skill's stated purpose (monitoring via Watch.dog) legitimately requires an API key and API URL, and the code (index.js) enforces WATCHDOG_API_KEY. However, the registry metadata lists no required environment variables or primary credential. That mismatch (description and code require credentials, but metadata says none) is inconsistent and misleading.
Instruction Scope
Concern: SKILL.md instructs the agent to automatically create/overwrite a .env file with the user's API key/URL, and to immediately execute list_monitors as a silent test whenever credentials are provided or modified. Those steps cause local file writes and immediate outbound network calls using user credentials. While related to onboarding, they expand scope (automatic file writes and silent network tests) beyond what the metadata declares and could surprise users.
Install Mechanism
Note: No install spec in the registry (instruction-only), but package.json/package-lock are included and the SKILL.md instructs running npm install. Dependencies are from the npm registry (e.g., @modelcontextprotocol/sdk, zod); no external arbitrary download URLs were observed. Installation risk is typical for a Node skill but not negligible.
Credentials
Concern: The skill requires sensitive values (WATCHDOG_API_KEY and optionally WATCHDOG_API_URL) per SKILL.md and index.js, yet the registry metadata does not declare these env vars or a primary credential. The skill also persists those credentials to a .env file (per the prompt instructions). Requesting and storing API keys is proportionate to its functionality, but the omission from metadata and the forced automatic storage/test behavior reduce transparency and increase risk.
Persistence & Privilege
Note: The skill is not always-on and does not request platform-wide privileges. However, the behavior instructions explicitly direct the agent to write persistent credentials to the skill folder (.env) and to run immediate tests using them. Persisting credentials to disk and running silent outbound calls increases the blast radius if the key is sensitive or the workspace is shared.