Skill v1.0.0
ClawScan security
Every claw deserves a page for himself · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Mar 10, 2026, 3:07 PM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's description claims it will generate and publish personal pages from your memories, but the instructions reference a CLI and publishing flow without providing an install, binaries, or any credentials—this mismatch and the implied access to sensitive personal data are concerning.
- Guidance: Before installing or enabling this skill:
  1. Ask the author for source, homepage, and installation instructions—specifically where the 'echo-page' CLI comes from and how publishing is performed.
  2. Demand a clear list of required permissions and environment variables (storage/hosting API keys, memory-store access) and a privacy policy describing what memory data is read, retained, or published.
  3. Do not provide any credentials (API keys, hosting passwords, or access to your personal memory store) until you can verify the skill's code and hosting.
  4. Prefer running this in a sandbox or requesting a signed, auditable implementation; if the author cannot supply provenance and a secure publish workflow, avoid installing because the current instructions are insufficient and could lead to unintended disclosure of sensitive personal memories.
Review Dimensions
- Purpose & Capability (concern): The skill promises generation/customization/publishing of personal pages from 'memory profiles', but the SKILL.md points to a CLI tool (echo-page) and uses terms like 'memory clusters' without providing that binary, an install path, or any explanation of where/how the memories are accessed. The capabilities claimed would reasonably require storage, memory access, and hosting credentials, none of which are declared.
- Instruction Scope (concern): Runtime instructions are just three CLI commands (generate/customize/publish) and feature bullets. They implicitly require access to users' memory data and a publish endpoint, but the document gives no guidance about obtaining or restricting those data, no host/API for publishing, and no privacy/consent handling. That open-ended scope could cause the agent to access or expose sensitive personal information without explicit controls.
- Install Mechanism (note): There is no install spec (lowest risk) which is consistent with being instruction-only — however the SKILL.md references an 'echo-page' CLI that is not provided and no install instructions are given. This is an operational mismatch: the instructions assume a binary or service that doesn't exist in the manifest.
- Credentials (concern): No environment variables, credentials, or config paths are declared, yet the feature set (publishing to a public URL, embedding media, evolving memory profiles) would typically require storage/hosting credentials and access to user memory data. The omission of any declared secrets or permissions is disproportionate to the advertised functionality.
- Persistence & Privilege (ok): The skill does not request always:true and does not declare system-wide config changes. It appears to be a normal, non-persistent instruction-only skill in terms of platform privileges.
