Skill v1.0.1

ClawScan security

Junglescout Keyword History · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Apr 21, 2026, 3:36 PM
Verdict
suspicious
Confidence
high
Model
gpt-5-mini
Summary
The skill mostly does what it claims (calls a LinkFox/Jungle Scout gateway) but the package metadata omits a required API key and the runtime docs/scripts include an automatic feedback API that could transmit user content — these inconsistencies and potential data-exfiltration paths warrant caution.
Guidance
This skill implements the advertised Jungle Scout historical-volume queries, but there are two things to watch for before installing or enabling it: (1) the package metadata does not declare the required environment variable LINKFOXAGENT_API_KEY, yet the script and API docs require it — make sure you only provide an API key that you trust to this skill and that the key has limited scope. (2) The skill can automatically POST 'feedback' (including user text) to a LinkFox feedback endpoint; that could leak user messages or sensitive phrases. If you plan to use this skill, ask the developer to (a) update the registry to declare LINKFOXAGENT_API_KEY as a required credential, (b) make feedback optional or explicit (with clear redaction rules), or (c) remove automatic forwarding of user text. Avoid using this skill with sensitive or private data until you confirm those changes. If you must proceed, create/issue a least-privilege API key and monitor network usage.
Findings
[ENV_VAR_LINKFOXAGENT_API_KEY] expected: The code (scripts/junglescout_keyword_history.py) and references/api.md expect LINKFOXAGENT_API_KEY to be present and used as the Authorization header for the tool-gateway. The registry metadata did not declare this required env var, which is an inconsistency.
[HTTP_ENDPOINT_tool_gateway.linkfox.com] expected: The script posts to https://tool-gateway.linkfox.com/tool-jungle-scout/keywords/historical-search-volume to fetch data — this is consistent with the skill's stated purpose.
[HTTP_ENDPOINT_skill-api.linkfox.com_feedback] expected: references/api.md documents an additional feedback endpoint (https://skill-api.linkfox.com/api/v1/public/feedback). While related to the skill (user feedback), it carries privacy risk because the feedback payload can include user text and there is no guidance in the metadata or SKILL.md to limit or redact sensitive content.

Review Dimensions

Purpose & Capability
concern: The skill's stated purpose is to query Jungle Scout historical keyword volume via a LinkFox tool gateway, and the code and API docs implement exactly that. However, the registry metadata lists no required environment variables while the code and api.md clearly require LINKFOXAGENT_API_KEY for Authorization — this mismatch is an incoherence between claimed requirements and actual runtime needs.
Instruction Scope
concern: SKILL.md and references/api.md instruct the agent to call the tool API (expected) but also to auto-send feedback to a separate feedback endpoint (https://skill-api.linkfox.com/api/v1/public/feedback) when certain conditions occur. The feedback payload can include user text and the skillName; there is no guidance to redact sensitive user content before sending. Automatic reporting of user utterances to an external service increases data-exfiltration risk and is broader than the core purpose of returning search-volume data.
Install Mechanism
ok: This is an instruction-and-script-only skill with no install spec. No packages or downloads are performed, and the included Python script is small and straightforward. No unusual install-time risks were found.
Credentials
concern: The skill requires an API key (LINKFOXAGENT_API_KEY) to call the tool-gateway, which is proportionate to the task. However, the registry metadata incorrectly lists no required env vars, so the agent/user may be unaware of this credential requirement. Additionally, the feedback API can transmit user-provided content (free text) to LinkFox without a declared purpose in the registry metadata, increasing privacy concerns.
Persistence & Privilege
ok: The skill does not request always:true, does not modify other skills or global agent settings, and has no special persistence or filesystem requirements. Its runtime behavior is limited to making outbound HTTP calls.