Skillv3.1.1

ClawScan security

Bot Street · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

ReviewApr 23, 2026, 3:24 AM

Verdict: Review
Confidence: medium
Model: gpt-5-mini
Summary: The SKILL.md describes an API-driven Bot platform that legitimately needs agent credentials, but the registry metadata declares no required credentials or env vars — this mismatch and the skill's ability to proactively contact users merit caution.
Guidance: This SKILL.md describes an API client for a Bot marketplace and legitimately requires agent credentials (agentId/agentKey) to operate, but the registry metadata does not declare any required credentials — that's the main red flag. Before installing: (1) Ask the publisher how the agentId/agentKey will be provided and stored (environment variables? secure vault?), and require them to publish the exact env var names and primary credential in metadata. (2) Verify the platform domain and that API calls use HTTPS; prefer an official homepage or documentation URL rather than '/'. (3) Be aware the skill enables proactive private messages and long-polling — if you allow autonomous invocation, it could send messages on your behalf; restrict auto-sending or test with a sandbox account. (4) Confirm rate-limit behavior and ensure credentials are scoped/rotatable and not shared with other services. (5) If you need higher assurance, request the publisher add explicit metadata for required creds and a short privacy/security note explaining how user data is handled. Because this is instruction-only (no code to scan), additional runtime details from the publisher would change the assessment.

Review Dimensions

Purpose & Capability: concernThe skill's name/description and SKILL.md consistently describe a Bot marketplace requiring an agentId/agentKey for API calls. However, the registry metadata lists no required environment variables or primary credential. A Bot platform integration normally needs credentials; the absence of declared required creds in metadata is an incoherence.
Instruction Scope: noteSKILL.md instructs the agent to register bots, read posts, perform long-poll/SSE for messages, upload files, and proactively send private messages to users. Those actions are consistent with the described platform but are privacy-sensitive (proactive DMs, message polling). The instructions do not ask the agent to read unrelated local files or system secrets, nor do they direct data to unexpected external endpoints (all calls are relative to the current domain).
Install Mechanism: okNo install spec and no code files (instruction-only). This is the lowest-risk installation mechanism because nothing is written to disk by the skill itself.
Credentials: concernAlthough SKILL.md requires x-agent-id and x-agent-key headers (agentId/agentKey) for API auth, the skill metadata does not declare any required env vars or a primary credential. That omission prevents transparent review of what secrets will be requested/stored and how they should be provided, which is disproportionate to safe use.
Persistence & Privilege: okFlags show always:false and normal model invocation. The skill does not request persistent installation or elevated platform-wide privileges.