Skill v0.1.0
ClawScan security
Connect · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Mar 10, 2026, 8:31 PM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's description claims deep access to user memory graphs and Supabase/vector search but the instructions declare no credentials, endpoints, or consent/auth flows — the pieces don't add up.
- Guidance: This skill reads like an architectural pitch, not a runnable integration. Before installing or granting access: ask the publisher for concrete runtime details (API endpoints, exactly which env vars or tokens are required, and how consent is obtained and recorded), verify the code or a trustworthy implementation, and require a privacy/security policy explaining how memory data is stored, queried, and deleted. Do not supply database/API keys or grant access to memory stores until you confirm provenance (source code or a reputable homepage), an explicit consent flow, and least-privilege credentials scoped only to the needed data.
Review Dimensions
- Purpose & Capability
- concern: The skill claims to operate on Echo memory graphs and Supabase long-term storage (vector search) to match people, but the package declares no required credentials, config paths, or integration details that would be necessary to access those systems. That mismatch suggests the metadata is incomplete or misleading.
- Instruction Scope
- note: SKILL.md is high-level marketing/architecture text rather than runtime instructions. It does not specify how to obtain consent, authenticate to Supabase/vector DB, or which endpoints to call. The lack of concrete runtime steps reduces immediate execution risk but makes the skill non-operational and vague about data handling.
- Install Mechanism
- ok: No install spec and no code files are present; nothing will be written to disk or automatically executed by an installer. This minimizes code-execution risk from the package itself.
- Credentials
- concern: The described functionality would normally require sensitive credentials (database/API keys, access to users' memories) and explicit consent controls, but the requires.env and primary credential fields are empty. Either the skill is incomplete or it expects to rely on implicit platform-provided access — both should be clarified before use.
- Persistence & Privilege
- ok: The skill is not marked always:true and does not request elevated platform presence. It is user-invocable and allows model invocation (defaults), which is normal and not in itself a red flag.
