Skillv1.0.2

ClawScan security

Agentvulnly Vulnerability Scanner · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

SuspiciousMar 16, 2026, 3:09 AM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary: The skill's stated purpose (remote vulnerability scanning) matches its requirements (curl + TOOLWEB_API_KEY), but the runtime instructions explicitly require sending potentially sensitive agent data (including full source) to a third‑party API and force callers to always call that endpoint, which creates a meaningful data‑exfiltration/privacy risk that users should understand before installing.
Guidance: This skill is coherent with a hosted scanner but it requires you to send detailed agent information (and even full source files) to portal.toolweb.in using the TOOLWEB_API_KEY. Before installing: (1) Verify ToolWeb's reputation and read their privacy/data retention policy; (2) Do NOT send unredacted secrets, private keys, or production credentials — scrub or replace sensitive values before scanning; (3) Use test/staging copies of code or anonymized examples where possible; (4) Prefer scoped/ephemeral API keys that can be revoked; (5) Ask the vendor whether submitted data is stored, for how long, and whether it may be shared; (6) If you cannot safely remove secrets from the artifacts you plan to scan, consider running a local/manual audit instead of using this hosted API.

Purpose & Capability: okName/description align with required binary (curl) and a single external API key (TOOLWEB_API_KEY). Requesting an API key for portal.toolweb.in is coherent with a remote scan service.
Instruction Scope: concernSKILL.md mandates 'ALWAYS call the ToolWeb API' and shows output that includes 'Full source of all included files.' That encourages sending complete code and architecture details (which may include secrets or credentials) to the remote service, and explicitly disallows answering from local knowledge — increasing risk of unintended exfiltration.
Install Mechanism: okInstruction-only skill with no install spec or downloads; lowest installation risk. No archives, custom binaries, or third‑party installers are pulled by the skill itself.
Credentials: noteOnly one env var (TOOLWEB_API_KEY) is required, which is proportionate for a hosted API service. However, the API contract implied by SKILL.md encourages sending potentially sensitive scanData (including file contents and token handling details) alongside that key — users should assume the service will receive any data submitted for scanning.
Persistence & Privilege: okSkill is not force‑included (always:false) and uses normal model invocation. It does not request persistent system configuration or other skills' credentials.