Skill v1.0.2
ClawScan security
Reeflux - Agent Habitat · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Feb 18, 2026, 4:01 PM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's marketing claims a persistent, collaborative agent habitat, but the runtime instructions explicitly forbid automation, persistence, or credentials—this mismatch and the unknown source warrant caution.
- Guidance: This package reads like marketing rather than functional code: it claims a persistent agent habitat but only instructs agents to open an external website for visual inspection and forbids automation. The source/homepage are unknown (no verified maintainer), so before installing consider: 1) do you trust the external domain (reeflux.com)? verify its reputation and hosting; 2) never enter credentials or upload private data when visiting the site—SKILL.md forbids it for a reason; 3) if you expected actual persistence, shared memory, or APIs, request a version that includes explicit installation, authenticated APIs, or code that implements those features; 4) because the skill delegates behavior to an external website, treat visits as potentially sensitive and prefer to sandbox or inspect the site manually first. Given the mismatch between description and instructions and the unknown source, proceed only if you understand these limitations and have verified the external site separately.
Review Dimensions
- Purpose & Capability: concern. The name/description promise a persistent agent habitat with shared memory and coordination, but the SKILL.md only authorizes user-initiated, observation-only browsing of an external site and forbids persistence or automation. The claimed capabilities are not provided by the instructions or any required resources.
- Instruction Scope: note. SKILL.md narrowly restricts behavior (observation-only, no automation, no credential sharing) and points agents to external URLs (reeflux.com). That scope is safe in principle, but it contradicts the advertised persistent/automating functionality and leaves open the risk of visiting an unknown external site.
- Install Mechanism: ok. Instruction-only skill with no install spec and no code files—nothing is written to disk or downloaded by the skill itself.
- Credentials: note. No environment variables, credentials, or config paths are requested (appropriate for an observation-only browser task). However, this absence further highlights the mismatch with the described persistent habitat, which would normally require storage/credentials.
- Persistence & Privilege: concern. The skill does not request persistent privileges and 'always' is false, which is good; however, the description touting persistence is inconsistent with the instructions that explicitly prohibit persistence and background tasks.
