Skill v1.0.0
ClawScan security
Pixshop Creative API — Developer REST Endpoints · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Mar 8, 2026, 8:01 AM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill appears to be a straightforward Pixshop REST API reference, but the runtime instructions encourage reading local config/credentials and show auth flows while the skill declares no required credentials — this mismatch warrants caution.
- Guidance: This skill is largely a documentation page for Pixshop's REST endpoints, but it demonstrates ways to obtain tokens (installing a CLI and reading ~/.pixshop-config.json) without declaring required credentials. Before installing or enabling it:
  - Verify the skill's source or official Pixshop docs (no homepage/source provided here).
  - Prefer providing an explicit PIXSHOP_TOKEN environment variable rather than letting the agent run shell commands or read ~/.pixshop-config.json.
  - If you do not want the agent to access local files or run commands, remove or restrict allowed-tools (Bash/Read) or disable autonomous invocation for this skill.
  - If you consider installing the 'pixshop' npm CLI, review that package and its maintainers first (npm install -g runs code).
  - Be cautious with the Supabase examples: they reference apikeys and auth endpoints — never expose service anon/secret keys unless you intend to.
  If you want a low-risk integration, ask the skill author to declare required env vars (token) and remove instructions that encourage reading local config files or installing third-party CLIs.
Review Dimensions
- Purpose & Capability
  - note: The name/description match the SKILL.md content (REST endpoints for Pixshop). However, the instructions demonstrate auth acquisition (CLI login and reading ~/.pixshop-config.json, Supabase auth examples) even though the skill declares no required environment variables or primary credential. A REST-integration skill would normally declare a token env var (e.g., PIXSHOP_TOKEN).
- Instruction Scope
  - concern: SKILL.md contains explicit examples that read local configuration (cat ~/.pixshop-config.json) and install/run a 'pixshop' CLI. The skill header allows Bash and Read tools, which combined with those examples means the agent could be instructed to access local files/execute shell commands to obtain tokens. That expands scope beyond merely describing HTTP endpoints and could lead to unintended credential exposure.
- Install Mechanism
  - ok: This is instruction-only (no install spec, no code files). That is low-risk from an installation perspective because nothing is downloaded or written by the skill itself.
- Credentials
  - concern: The API clearly requires an Authorization Bearer token, and examples reference an accessToken and Supabase apikey, but the skill declares no required env vars or primary credential. The absence of declared credentials is disproportionate to the documented auth needs and makes it unclear how the agent should obtain/store tokens safely.
- Persistence & Privilege
  - note: always is false (normal). The skill allows Bash and Read in its header, enabling runtime shell and file reads; this is not inherently malicious but increases the blast radius if the agent is allowed to execute autonomously. No evidence the skill requests permanent presence or modifies other skills.
