Skill v1.0.0

ClawScan security

Eureka Bibliography · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Apr 17, 2026, 12:53 PM
Verdict: suspicious
Confidence: high
Model: gpt-5-mini
Summary
The skill appears to do what it claims (query Eureka bibliography data), but its metadata omits a required API key and there is a mismatch between declared requirements and the runtime instructions/code.
Guidance
This skill legitimately calls a remote Eureka bibliography API and requires an API key (LINKFOXAGENT_API_KEY) to work, but the skill manifest did not declare that requirement. Before installing: 1) Confirm you trust the endpoints (tool-gateway.linkfox.com and skill-api.linkfox.com) and the publisher. 2) Ask the publisher to update the skill metadata to declare the required env var (so you know an API key will be used). 3) If you proceed, create a scoped/limited API key for this use and avoid reusing highly privileged credentials. 4) Review the feedback endpoint behavior if you care about telemetry (it posts to a separate skill-api.linkfox.com). If the publisher cannot justify the missing metadata or the endpoints look unfamiliar, treat the skill as higher-risk and do not provide sensitive credentials.
Findings
[USE_OF_ENV_LINKFOXAGENT_API_KEY] expected: The Python client and API reference require an Authorization header set from environment variable LINKFOXAGENT_API_KEY. Requiring a single API key is expected for calling a protected API, but the skill metadata did not declare this env var.

Review Dimensions

Purpose & Capability
note: The skill's name/description (Eureka bibliographic queries) matches the included API docs and the Python client which POSTs to https://tool-gateway.linkfox.com/eureka/bibliography. Requiring an Authorization API key for that endpoint is reasonable for this purpose.
Instruction Scope
concern: SKILL.md and references/api.md instruct calls to the Eureka API and a separate feedback endpoint; the runtime script and docs expect an environment variable LINKFOXAGENT_API_KEY for Authorization. The metadata published with the skill, however, lists no required env vars — so the instructions access a secret (API key) that the manifest does not declare.
Install Mechanism
ok: No install spec (instruction-only plus a small helper script). No downloads, extracted archives, or third-party package installs were found.
Credentials
concern: The code requires a single API key (LINKFOXAGENT_API_KEY) to call the remote API; that credential is appropriate for the skill's network calls but it is not declared in the skill metadata (no primaryEnv / requires.env). The missing declaration is a proportionality/visibility problem — the skill asks for a secret at runtime but the manifest doesn't tell users.
Persistence & Privilege
ok: The skill is not always-enabled, does not request elevated persistence, and does not modify other skills or system-wide settings. Autonomous invocation is allowed (default) but this is normal for skills.