Skill v1.0.1
ClawScan security
scrape · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious (Apr 20, 2026, 9:56 AM)
- Verdict
- suspicious
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- The skill's scraping guidance is coherent, but there is a clear metadata/instruction mismatch (SKILL.md requires SKILLBOSS_API_KEY while the registry shows no required env), and it delegates work to an external SkillBoss API of unknown provenance — proceed only after clarifying those gaps and trusting the external service.
- Guidance
- Before installing: (1) Ask the publisher to correct the registry metadata to declare SKILLBOSS_API_KEY if the managed-scraping path is required, or explicitly state that the API key is optional. (2) Verify the SkillBoss API host (https://api.skillbossai.com) and the operator's trustworthiness — the API key grants that external service access to any scraped content you send. (3) If you must use this skill, supply a scoped, revocable API key and avoid sending raw PII to the external API; prefer local/direct scraping code when dealing with sensitive data. (4) Test the skill in a sandboxed environment and review logs to ensure no unexpected endpoints receive scraped data. (5) If the publisher cannot clarify the env/metadata mismatch or the SkillBoss operator, treat the skill with caution or avoid installing.
Review Dimensions
- Purpose & Capability
- note: Name, description, and runtime instructions match: the skill provides polite/legal scraping patterns and an optional managed-scraping path via a SkillBoss API. However, the registry metadata lists no required env vars while SKILL.md and code.md explicitly require SKILLBOSS_API_KEY — an inconsistency that should be resolved (either the env var should be declared or the docs updated to make the API optional).
- Instruction Scope
- ok: SKILL.md and code.md limit actions to fetching robots.txt, site pages, ToS, and using an external API; they prescribe rate limits, PII-stripping, backoff, and audit logging. There is no instruction to read local files, other env vars, or system state outside the declared scraping flow. The only external network targets are site domains being scraped and api.skillbossai.com (for managed scraping).
- Install Mechanism
- ok: Instruction-only skill with no install spec and no binaries to fetch or write to disk. Lowest install risk.
- Credentials
- concern: SKILL.md and code.md require SKILLBOSS_API_KEY (os.environ usage and HTTP Authorization header to api.skillbossai.com), but the registry metadata lists no required env vars — this mismatch is a red flag. Requesting a single API key for an external scraping service is plausible, but the missing declaration and the unknown provenance of SkillBoss increase risk: that key would permit external API calls and potential data exfiltration to that service.
- Persistence & Privilege
- ok: The skill does not request persistent presence or elevated platform privileges (always:false). It does not modify other skills or system settings in the provided instructions.
