ClawHub
Back to skill
v0.7.0

clawCat-BRIEF

ReviewClawScan verdict for this skill. Analyzed May 1, 2026, 8:36 AM.

Analysis

Prompt-injection indicators were detected in the submitted artifacts (base64-block); human review is required before treating this skill as clean.

GuidanceThis skill appears reasonable for generating briefs from public web sources. Before installing, be aware that it will make external network requests, may use a GitHub token if you configure one, and has limited published provenance metadata. ClawScan detected prompt-injection indicators (base64-block), so this skill requires review even though the model response was benign.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
SeverityLowConfidenceHighStatusNote
clawcat/adapters/news/rss.py
feeds = config.get("feeds", DEFAULT_FEEDS) ... parsed = await asyncio.to_thread(feedparser.parse, url)

The skill can fetch configured RSS/Atom feed URLs as part of report generation. This is expected for a news briefing tool, but users should understand that configured feeds cause outbound network requests.

User impactThe skill may contact public websites, search engines, APIs, and configured RSS feeds while building a report.
RecommendationUse trusted feed/proxy configurations and avoid asking the skill to fetch internal or sensitive URLs unless that is intentional.
Agentic Supply Chain Vulnerabilities
SeverityInfoConfidenceHighStatusNote
metadata
Source: unknown; Homepage: none

The registry metadata does not provide a source repository or homepage for provenance review. This is a transparency gap, not evidence of malicious behavior.

User impactUsers have less external context for verifying the publisher, project history, or dependency provenance.
RecommendationInstall only if you trust the publisher or have reviewed the included code and dependency files.
Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
SeverityLowConfidenceHighStatusNote
clawcat/adapters/tech/github_trending.py
token: str = config.get("github_token", "") ... headers["Authorization"] = f"token {token}"

The GitHub adapter can authenticate with a supplied GitHub token even though no primary credential is required. The code sends the token to GitHub for repository search and does not show logging or unrelated use.

User impactIf a user supplies a broad GitHub token, the skill will have whatever access that token grants during GitHub API calls.
RecommendationPrefer no token or a least-privilege/read-only token, and avoid providing tokens with repository write or administrative scopes.