Skill v1.0.11
ClawScan security
LinkFoxAgent · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Apr 30, 2026, 7:20 AM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill appears to do what it claims (an agent that forwards e‑commerce research tasks to LinkFox), but there are multiple incoherences and privacy/operational risks you should review before installing.
- Guidance: This skill packages Python scripts that will be executed and will forward your task prompts to https://agent-api.linkfox.com/ using an API key (LINKFOXAGENT_API_KEY). Before installing, verify the following: (1) confirm the registry metadata vs SKILL.md — the package requires an API key but the registry listing did not declare it; (2) confirm LinkFox's official homepage and that agent.linkfox.com/agent-api.linkfox.com are legitimate and match the vendor you expect; (3) inspect scripts/linkfox.py and upload_image.py yourself (run them in an isolated environment) to ensure they do nothing unexpected; (4) avoid putting passwords, tokens, or other secrets into prompts because prompts are sent to the external API; (5) consider running the skill in a sandboxed agent or isolated account and only grant the LINKFOXAGENT_API_KEY with least privilege (rotate/delete the key after testing). If you need, I can (a) summarize the included scripts' contents line‑by‑line if you want deeper code inspection, or (b) point out exact places in SKILL.md that should be corrected for registry consistency.
Review Dimensions
- Purpose & Capability (concern): SKILL.md and the reference docs are coherent with a large e‑commerce research agent (many tools and data sources). However the packaged skill expects an external LinkFox API key (LINKFOXAGENT_API_KEY) and will send user prompts to https://agent-api.linkfox.com/, yet the registry metadata shown to the platform lists no required env vars / primary credential and homepage was 'none' while SKILL.md's metadata includes a homepage and an env requirement. The missing/contradictory registry metadata (no env declared) is an incoherence: an API key is plausibly required for this purpose, but the registry should declare it.
- Instruction Scope (concern): Runtime instructions explicitly tell the agent to spawn sub‑agents that run the included python script (scripts/linkfox.py) and to submit full task prompts to LinkFox's API. That means user prompts (and any content the agent places into the task prompt) will be transmitted to an external service. While expected for a remote SaaS integration, this creates a privacy/data‑exfiltration surface: the SKILL.md warns not to include secrets, but ordinary user messages may contain sensitive info. The instructions also mandate always using sessions_spawn and give wide autonomous discretion (e.g., decide whether to share returned HTML report URLs), which increases the operational impact.
- Install Mechanism (concern): There is no separate install spec (instruction‑only install), but the package includes executable Python scripts (scripts/linkfox.py and upload_image.py) that the agent is instructed to run. Executing bundled scripts is higher‑risk than purely instruction‑only skills because code on disk will run and may perform network calls. No external downloads or obscure URLs are used, but the registry omission of the required env var and the presence of runnable code without explicit install notes is an incoherence to surface.
- Credentials (concern): The SKILL.md documents and metadata require a single API key (LINKFOXAGENT_API_KEY), which is proportionate for a remote SaaS integration. However the top-level registry metadata (presented to the platform) lists no required env vars or primary credential, creating a mismatch: the skill will fail or attempt to operate only when a secret is manually set, but the platform registry did not advertise that need. That mismatch is potentially misleading and a security/usability concern.
- Persistence & Privilege (ok): The skill does not request always:true and does not declare system-wide config modifications. It requires running tasks via sub‑agents but does not demand persistent elevated privileges in the registry metadata. Autonomous invocation is allowed (default) — expected for skills — but not combined with an 'always' override.
