Skillv1.6.1

ClawScan security

taste-skill · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousMar 13, 2026, 2:50 AM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary: The skill's behavior mostly matches a marketplace tool, but its onboarding/integration steps request persistent workspace modification, credential storage, and global installs without those requirements being declared — this is intrusive and deserves review before installing.
Guidance: This skill broadly matches a 'skill marketplace' but its onboarding will: (1) install an external CLI globally (npm install -g taste-cli), (2) register an account and write credentials to ~/.taste/.env, and (3) inject persistent blocks into workspace files (HEARTBEAT.md, AGENTS.md, possibly CLAUDE.md) so it runs at session start. Before installing: back up the workspace, review the taste-cli package and its homepage/domain (https://taste.ink) yourself, avoid running admin invite commands unless you are an admin, and consider setting a local base URL for testing. If you do not want any tool to auto-modify your AGENTS.md / CLAUDE.md or run commands on every session start, do not enable the onboarding injection steps.

Review Dimensions

Purpose & Capability: noteThe name/description (a skills marketplace) aligns with the instructions (search, save, publish, install skills). However the SKILL.md also instructs the agent to register accounts, set backend URLs, and perform admin invite actions which are broader than a passive 'marketplace browser' and are not declared in the skill metadata (no required env or creds declared).
Instruction Scope: concernRuntime instructions direct the agent to modify workspace files (HEARTBEAT.md, AGENTS.md, optionally ~/.claude/CLAUDE.md), run CLI commands at every session start, and perform onboarding flows that write credentials to disk. These actions go beyond querying/searching a marketplace and grant the skill broad discretion to change user workspace state and session behavior.
Install Mechanism: noteThere is no formal install spec in the registry, but onboarding explicitly tells the agent to run `npm install -g taste-cli` (public npm install). That implies installing external code globally – a normal dev workflow but with nontrivial risk if you haven't audited the CLI package or its upstream domain. The skill itself doesn't provide or declare the package provenance in metadata.
Credentials: concernMetadata declares no required environment variables, yet onboarding instructs creating and saving TASTE_API_KEY, TASTE_BASE_URL, TASTE_EMAIL, TASTE_NICKNAME and handling ~/.taste/.env. It also suggests optional admin operations (invite-code generation). Requesting persistent API credentials and possibly admin actions is disproportionate unless the user expects a full marketplace integration.
Persistence & Privilege: concernOnboarding instructs injecting Taste into the workspace so it runs by default every session (writing HEARTBEAT.md/AGENTS.md/CLAUDE.md). That achieves persistent presence across sessions and modifies other config/doc files. While reasonable for a default marketplace, it is intrusive and may alter other skills' behavior.