Skill v1.0.2

ClawScan security

Know your AI · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign
Mar 11, 2026, 7:19 PM
Verdict
benign
Confidence
medium
Model
gpt-5-mini
Summary
The skill's code and runtime instructions match its stated purpose (a CLI that talks to a Know Your AI GraphQL API using a single DSN env var); the main issues are metadata inconsistencies and a few documentation claims that don't match the package contents.
Guidance
This skill appears to do what it says: run evaluations and query a Know Your AI GraphQL API using a single DSN env var. Before installing or running it:
1) Verify the DSN host (https://knowyourai.hydrox.ai or your intended host) is legitimate — the scripts will send your auth token to whatever host is in the DSN.
2) Prefer exporting KNOW_YOUR_AI_DSN as an environment variable (not passing the full URL on the command line) to avoid leaking credentials to shell history or process listings.
3) Note minor inconsistencies: registry metadata (ownerId/version/homepage) and SKILL.md claim of a global npm alias (kya) do not match the package (no package.json/npm install spec). These look like packaging/documentation errors rather than malicious behavior, but you should confirm the publisher and the dashboard URL before providing your DSN.
4) If you need higher assurance, run the code in a sandbox and inspect network requests (or review the code yourself); check TLS and certificates for the DSN host and rotate keys if you suspect they were exposed.

Review Dimensions

Purpose & Capability
ok
The name/description (AI security testing CLI) aligns with the code and SKILL.md: scripts call a GraphQL API, list evaluations, start runs, and show results. Required binaries (node) and required env var (KNOW_YOUR_AI_DSN) are appropriate for this purpose.
Instruction Scope
note
Runtime instructions restrict activity to the Know Your AI API (the DSN-provided host) and local CLI output. The helper enforces sanitized IDs and uses GraphQL variables, so injection risk is mitigated. Note: the DSN contains an auth token embedded in a URL; the scripts send that token in an Authorization header to the DSN host — this is expected but means the token is exfiltratable if the DSN is pointed at an attacker-controlled host.
Install Mechanism
ok
No install spec (instruction-only) — no external downloads or archive extraction. The package contains Node scripts that run locally; nothing writes arbitrary remote code during install.
Credentials
note
Only a single credential (KNOW_YOUR_AI_DSN) is required, which fits the described API-driven functionality. Caveat: the DSN embeds credentials in a URL (username/password), which can leak via shell history or process listings if users pass it on the command line; the SKILL.md does recommend using an environment variable, which is preferable.
Persistence & Privilege
ok
always:false and no modifications of other skills or system-wide settings. The skill does not request persistent elevated privileges.