Back to skill
Skillv1.0.1
ClawScan security
LocalsBnb MCP · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignApr 29, 2026, 4:13 AM
- Verdict
- benign
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- The skill's declared inputs and runtime instructions match its stated purpose (calling LocalsBnb APIs using APP_ID/APP_SECRET via an npm MCP server), but it relies on an external npm package that this SKILL.md cannot prove or inspect — review the package before trusting secrets.
- Guidance
- This skill appears internally consistent for calling LocalsBnb APIs, but it depends on the npm package localsbnb-mcp-server which is not included for review. Before installing or supplying APP_SECRET/APP_ID: 1) Inspect the npm package source (GitHub repo or unpack tarball) to confirm it only calls official domains and has no unexpected behaviors. 2) Check the package owner, publication history, download counts and recent changes; prefer well-established packages. 3) Pin to a specific version and run 'npm audit' / static review. 4) Provide the APP_SECRET in a controlled/private channel or secret store (do not paste into group chat). 5) Use the least-privilege token possible and rotate it after initial use or testing. 6) If possible, run the MCP server in an isolated environment (container) while you validate network calls (e.g., via egress logging) to confirm it contacts only the expected API endpoints.
Review Dimensions
- Purpose & Capability
- okName/description, required env vars (APP_ID, APP_SECRET), required binary (npx) and the declared npm package (localsbnb-mcp-server) are coherent with a skill that proxies requests to LocalsBnb official APIs. No unrelated credentials or binaries are requested.
- Instruction Scope
- noteSKILL.md restricts actions to running the published npm MCP server (via npx) and sending requests to the official LocalsBnb API domain; it does not instruct reading unrelated files or other env vars. However the document cannot itself enforce the claim that the installed package only calls the official domain — that behavior depends on the third-party npm package code.
- Install Mechanism
- noteInstall uses a public npm package (localsbnb-mcp-server) which is a typical, expected mechanism. This is moderate risk because npm packages can contain arbitrary code; no package source or code is included in the skill bundle for review.
- Credentials
- okOnly APP_ID and APP_SECRET are required and APP_SECRET is marked primary — this matches the expected needs for an API client. APP_SECRET is sensitive; the skill appropriately warns not to store tokens in repos or public chat.
- Persistence & Privilege
- okalways is false and the skill is user-invocable with normal autonomous invocation allowed. It does not request system-wide configuration or other skills' credentials. This is the standard, expected privilege model.