Skill v1.0.2
ClawScan security
Lerwee API Skill · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Mar 19, 2026, 9:03 AM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill appears to implement a coherent API client for the described monitoring platform, but there are inconsistencies around required credentials/config (undeclared env vars and an embedded example admin password) that warrant caution before installing or supplying secrets.
- Guidance: What to check before installing or using this skill:
  - The skill will make HTTP requests to whatever base URL you configure. SKILL.md suggests environment variables LERWEE_BASE_URL and LERWEE_SECRET, but the registry metadata did not declare them. Expect to provide a secret if you want the client to work.
  - Do NOT supply production or high-privilege credentials until you trust the code: review scripts/lerwee_api.py and scripts/sign_test.py yourself. The client code performs signing and POSTs JSON to the configured base_url.
  - README includes an example admin password (ITIM_p@ssw0rd). Treat this as a placeholder: change any default credentials and never reuse real admin secrets when testing.
  - The default base_url in docs points to a private IP (192.168.1.79). Confirm that target host is the intended internal service; avoid pointing the skill at unknown or public endpoints.
  - If you must run the bundled scripts, run them in an isolated environment (test VM or container) and audit network traffic to ensure no unexpected endpoints are contacted.
  - If you want the platform to show correct required credentials, ask the publisher/maintainer to update metadata to declare LERWEE_BASE_URL and LERWEE_SECRET (or remove embedded secrets/examples).
Review Dimensions
- Purpose & Capability (note): Name, description, documentation and included Python client code align: the files implement an API client for the Lerwee monitoring platform and expose the documented endpoints. That capability justifies the included code and reference docs.
- Instruction Scope (ok): SKILL.md and README instruct only how to configure base URL/secret, generate signatures and call the platform endpoints. The runtime instructions do not ask the agent to read unrelated system files, exfiltrate data, or call external endpoints other than the configured base_url.
- Install Mechanism (ok): This is instruction-only (no install spec). Code files are bundled but no installer or remote download is declared, which is the lowest install risk. The package does include Python scripts which would run if you execute them, so they should be reviewed before running.
- Credentials (concern): Registry metadata declares no required env vars or primary credential, but SKILL.md (and README) clearly expect LERWEE_BASE_URL and LERWEE_SECRET (and README shows a config.json with an admin username/password example). That mismatch (undeclared required secrets plus an example admin password 'ITIM_p@ssw0rd' in docs) is disproportionate and ambiguous: the skill will need credentials to operate but the metadata does not advertise this, and the presence of a plaintext example admin password is a red flag for accidental credential leakage or misuse.
- Persistence & Privilege (ok): Skill is not always-enabled and does not request elevated or persistent platform privileges. According to the provided files, it does not modify other skills' configs.
