Skill v1.1.1

ClawScan security

Seisoai · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Feb 17, 2026, 8:55 AM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's instructions, endpoints, and requirements align with a media-generation gateway and it requests no unexpected installs or credentials, though it exposes powerful media capabilities and payment flows that warrant user caution.
Guidance
This skill appears to be what it claims: a gateway for media tools. Before installing: verify you trust https://seisoai.com, avoid pasting your API key into broad/global agent settings (provide per-call or on-demand), require human confirmation before letting agents call agent-scoped endpoints, and be cautious about using high-risk tools (face-swap, voice cloning) or enabling automated payment flows (x402 on Base). If you need stronger assurances, ask the publisher for a formal privacy/security policy and confirm how audit logs are stored and reviewed.

Review Dimensions

Purpose & Capability
ok
The name/description describe a unified media gateway and the SKILL.md documents discovery, pricing, invoke, and job endpoints on seisoai.com—these match the stated purpose. There are no unrelated binaries or hidden install steps. Minor metadata mismatch: the registry header said 'Homepage: none' while SKILL.md embeds a base URL/homepage (https://seisoai.com), but this is not a functional inconsistency.
Instruction Scope
note
The runtime instructions stay on-topic: discover tools, fetch schemas/prices, invoke endpoints, and poll queue results. The doc explicitly defines conservative safety checks for agent-scoped operations. It does, however, describe payment (x402) flows and lists high-impact tool IDs (e.g., face-swap, voice-clone) — these are legitimate for a media gateway but are sensitive and require human review before automated/agent-scoped invocation.
Install Mechanism
ok
Instruction-only skill with no install spec and no code files — lowest install risk. Nothing is written to disk or downloaded by the skill itself.
Credentials
note
The SKILL.md demonstrates use of an X-API-Key or x402 payment signatures but the registry metadata declares no required env vars; that is acceptable for an instruction-only skill (keys can be supplied at runtime), but users should not expose API keys broadly and should provide credentials only when necessary. No unrelated secrets are requested.
Persistence & Privilege
ok
always:false and default agent invocation behavior are appropriate. The skill does not request persistent system privileges or modify other skills. It explicitly recommends deny-by-default and audit logging for agent-scoped calls.