Skill v0.1.0
ClawScan security
Amazon Product Research · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Mar 12, 2026, 10:06 PM
- Verdict: suspicious
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's instructions clearly require an APICLAW_API_KEY for network calls, but the registry metadata does not declare any required environment variables or primary credential — that mismatch is an incoherence you should resolve before trusting the skill.
- Guidance: This skill appears to be what it says (an APIClaw-backed Amazon research helper), but its metadata fails to declare the API key it needs. Before installing:
  1. Ask the publisher to update metadata to list APICLAW_API_KEY as a required primary credential so you can approve it explicitly.
  2. Verify the APIClaw service (https://api.apiclaw.io) is the intended and trustworthy endpoint (no homepage is provided and the owner is anonymous).
  3. If you provide an API key, create a key with the minimum possible scope and monitor its usage; avoid reusing high-privilege keys (AWS, Stripe, or other unrelated secrets).
  4. If you lack confidence in the publisher, do not supply credentials — the skill cannot work without them.
  If the publisher responds and metadata is fixed, the skill would look coherent; as-is the missing env-var declaration is a meaningful red flag.
Review Dimensions
- Purpose & Capability (concern): The skill's stated purpose is Amazon product research via APIClaw, and the SKILL.md repeatedly shows API calls to https://api.apiclaw.io that require an API key. However, the registry metadata lists no required environment variables or primary credential. A legitimate APIClaw integration would normally declare APICLAW_API_KEY (or similar) as a required/primary credential — the omission is inconsistent.
- Instruction Scope (concern): The runtime instructions are instruction-only and narrowly describe POST calls to APIClaw endpoints (categories, markets/search, products/search, realtime/product). That scope is appropriate for the described purpose, but the SKILL.md explicitly shows using `Authorization: Bearer $APICLAW_API_KEY` — i.e., it expects access to an environment variable that the skill metadata does not declare. No other system files or unrelated credentials are requested.
- Install Mechanism (ok): This is an instruction-only skill with no install spec and no code files, so nothing is downloaded or written to disk by the skill itself. That lowers install-time risk.
- Credentials (concern): The only sensitive item referenced in SKILL.md is APICLAW_API_KEY (used as a Bearer token). That credential would be proportionate for this API integration, but it is not declared in the skill's required env vars/primary credential fields — a metadata omission that prevents you from transparently understanding what secrets the skill needs.
- Persistence & Privilege (ok): The skill does not set `always: true` and does not request any special persistent system privileges. It is user-invocable and may be used autonomously by the agent (the platform default), which is expected for skills that call external APIs.
