Skill v2.0.0
ClawScan security
AgentGuard Tech · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Mar 6, 2026, 2:17 PM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's behavior mostly matches a security-wrapper tool, but there are notable inconsistencies and privacy/installation risks (automatic account creation, npm installs, unclear data sent off-agent) that you should understand before installing.
- Guidance: Before installing:
  1. Confirm the npm package @the-bot-club/agentguard is from a trustworthy publisher and review its package contents and README on the npm/GitHub repo.
  2. Understand what data will be sent to the external service when creating an account (tool list, telemetry, agent details) and whether you consent to that.
  3. Ask how and where the API key is stored (is it written to disk, logs, or agent config?) and avoid automatic account creation if you require privacy.
  4. Because the skill runs `npm install` via child_process.exec, prefer installing it in a controlled environment or auditing the package first.
  5. Resolve the metadata mismatch: the registry entry should declare that npm and internet are required.

  If you need stronger assurance (package provenance, privacy policy, or source code), request the upstream repository or packaged code for review before proceeding.
Review Dimensions
- Purpose & Capability (note): The SKILL.md describes a security wrapper that installs an npm SDK and wraps tools with evaluate() — that is coherent with the stated purpose. However, the registry metadata earlier listed no runtime requirements while the embedded SKILL.md manifest declares requires: ["npm","internet"]. This mismatch is unexplained and reduces trust.
- Instruction Scope (concern): The instructions (and embedded code) perform networked actions: they run `npm install` and call AgentGuard.createAccount(), potentially creating an external account and exchanging an API key. The docs do not specify what agent state or tool metadata (if any) is sent to the external service, nor ask explicit consent for data transmission. The default account creation uses a placeholder email (user@agent.local), which is odd and could cause unexpected account registration behavior.
- Install Mechanism (note): There is no formal install spec in the registry, but the SKILL.md's included code runs `exec('npm install @the-bot-club/agentguard --save')`. Installing an npm package at runtime writes to disk and executes third-party code from the npm registry — a medium risk that is plausible for this purpose but worth verifying (package provenance, publisher identity, package contents).
- Credentials (concern): The skill declares no required env vars, which matches the registry metadata, but it will create/manage an API key for an external service and returns a partial API key in its response. There is no clear description of where the API key/config is stored, how it is protected, or what agent data is transmitted to the vendor. Automatically creating an external account and exposing an API key (even truncated) is disproportionate without explicit user consent and a privacy statement.
- Persistence & Privilege (ok): The skill is user-invocable and not always-enabled; it wraps tools at runtime but does not declare forced/always presence. Autonomous invocation is allowed by default, which is normal. The skill does run installers that modify the agent environment (npm install), which is expected for an SDK but worth noting.
