Skill v1.0.0

ClawScan security

EchoChat · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Mar 10, 2026, 3:06 PM
Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary
The SKILL.md claims a memory-driven CLI and integrations but provides no binary, install instructions, source, or required credentials — the mismatch is unexplained and risky.
Guidance
Do not install or enable this skill yet. Ask the publisher for: (1) source code or a trusted homepage/repo and license, (2) an explicit install mechanism or signed binary distribution, (3) a list of required environment variables/API keys and where data (memories/exports) is stored or transmitted, and (4) privacy/data-retention details. If you must test it, do so in an isolated sandbox and verify the origin of any binary before executing. Prefer skills that provide clear install instructions, a verifiable source, and least-privilege credential requirements.

Review Dimensions

Purpose & Capability
Concern: The skill advertises an "echo-chat" CLI and cross-platform integrations (ChatGPT, Gemini, peer messaging, exports) but the package contains no binaries, no install steps, no source or homepage, and declares no required environment variables. A legitimate CLI/integration-centric skill would include an install spec or at least declare the binary and any API credentials it needs. The absence of those items is inconsistent with the stated purpose.
Instruction Scope
Concern: SKILL.md shows usage examples for a local CLI (echo-chat start/peer/export) but gives no runtime details about where memories are stored, how exports are transmitted, or what network endpoints are used. The instructions are vague and leave wide discretion about how the agent should obtain or run the echo-chat tool or handle user data — this open-ended guidance can lead to unexpected actions (downloading/executing unknown binaries, contacting external services, or accessing local data).
Install Mechanism
Note: There is no install spec (instruction-only), which is low risk from an installer perspective. However, because the SKILL.md expects a CLI to exist, the lack of an installation mechanism is itself a problem: it forces the agent or user to obtain a binary from an unspecified source, which could be unsafe. The low-install-risk classification only applies if a trusted binary is provided separately.
Credentials
Concern: The skill claims integration with external AI platforms and supports exports/peer messaging but declares no API keys, tokens, or config paths. Real integrations would require credentials or configuration; asking for none is disproportionate and unexplained. Also, export and peer features imply network/storage access that should be specified and justified.
Persistence & Privilege
OK: The skill is not set to always:true, requests no config paths, and contains no install hooks. It does not request elevated persistent presence within the agent infrastructure.