Skillv1.0.2

ClawScan security

Finopsy Cloud Finops · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousMar 16, 2026, 3:10 AM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary: The skill is internally consistent with a cloud cost‑analysis service but it requires you to submit highly sensitive cloud credentials to a third‑party API (portal.toolweb.in), which is expected for this function but raises privacy/secret‑exposure risk that you should validate before using.
Guidance: This skill appears to implement a legitimate cloud cost analysis flow but it requires you to submit sensitive cloud credentials to a third‑party service (portal.toolweb.in). Before installing or using it: 1) Verify the vendor (portal.toolweb.in) and confirm TLS certificate/ownership and privacy/data‑retention policies; 2) Only provide least‑privilege, read‑only credentials created specifically for cost analysis (billing/Cost Explorer/Reader roles), never admin/root keys; 3) Prefer temporary/short‑lived credentials if possible and rotate or revoke keys after use; 4) Test with a low‑privilege or sandbox account first; 5) Confirm how ToolWeb claims to handle, transmit, and store credentials (ask for an explicit non‑storage guarantee and audit/retention policy); 6) If you cannot validate the vendor or policies, consider using native provider tools (AWS Cost Explorer, Azure Cost Management, GCP Billing) or an on‑premise/offline tool instead. Because the skill will transmit secrets outside your environment and we cannot verify the external service from the bundle, proceed with caution.

Review Dimensions

Purpose & Capability: okName and description match the behavior: the skill calls an external FinOps API to analyze AWS/Azure/GCP billing. Requiring an API key for ToolWeb and asking for provider credentials (Access Key/Secret, Azure service principal, or GCP service account JSON) is coherent with the stated purpose.
Instruction Scope: concernSKILL.md explicitly instructs the agent to collect provider credentials from the user and POST them (including secret keys/service account JSON) to https://portal.toolweb.in/apis/tools/finopsy. That is within the declared purpose, but it means the agent will transmit sensitive secrets off the user's environment to a third party; the skill also forces use of the remote API for analysis ("ALWAYS call the ToolWeb API").
Install Mechanism: okInstruction-only skill with no install spec or code files. Required binary is only curl — low install risk because nothing is written to disk by the skill itself.
Credentials: noteThe skill only requires TOOLWEB_API_KEY as an environment credential (declared primary credential), which matches the API usage. However, it will request sensitive cloud provider credentials interactively (not as declared env vars). Requesting such secrets is proportionate for a remote analysis service but is high sensitivity — the README and SKILL.md claim credentials are not stored, which cannot be verified from the skill bundle alone.
Persistence & Privilege: okalways is false and there is no persistent installation. The skill does not request elevated platform privileges or modify other skills/config. Autonomous invocation is enabled by default but not excessive here.