Skill v1.0.1

ClawScan security

Github Bounty Finder · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Mar 15, 2026, 5:35 AM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill appears to implement a legitimate GitHub/Algora bounty scanner, but the registry metadata omits required credentials and there are minor packaging/information gaps that warrant caution before installing.
Guidance
This skill otherwise appears to do what it claims (scan GitHub and Algora for bounties). Before installing:
1) Note the registry metadata omission: you must supply a GitHub personal access token and an Algora API key (SKILL.md explains this).
2) Use a token with minimal scopes (public_repo, as suggested) and do not reuse a high-privilege token; store it in a directory-local .env file or a secrets manager and rotate it if it may have been exposed.
3) Review the referenced repository URL and author if you need provenance; run npm install in an isolated environment (or scan the packages) before running the tool.
4) Because the package performs network requests, verify that you are comfortable with it making API calls to api.github.com and api.algora.io.
5) For stronger assurance, inspect the published repository (or run npm audit) and consider running the tool inside a container or VM so credentials are easier to isolate.
The main actionable issue is the mismatch between the registry metadata and the documentation: treat it as a red flag and confirm credentials and origin before use.

Review Dimensions

Purpose & Capability
concern: The skill's code and SKILL.md clearly require a GITHUB_TOKEN and an ALGORA_API_KEY for its stated purpose (scanning GitHub and Algora). However, the registry metadata lists no required environment variables or primary credential. This mismatch is an incoherence: anyone running the scanner legitimately needs those tokens, so the metadata should declare them.
Instruction Scope
ok: SKILL.md and bin/cli.js keep instructions focused on scanning GitHub/Algora, creating a local .env file, and running the CLI. The runtime instructions and code only read environment variables (GITHUB_TOKEN, ALGORA_API_KEY), query the GitHub/Algora APIs, extract bounty amounts from issue bodies, and produce JSON output. There are no instructions to read unrelated files, access unrelated credentials, or send data to unexpected external endpoints.
Install Mechanism
note: There is no separate install spec provided by the registry (instruction-only claim), but the package includes a package.json with typical dependencies (axios, node-fetch, chalk, commander, dotenv). No downloads from untrusted URLs or extract-from-URL steps are present. The presence of code files means installing (npm install) will pull dependencies from npm; that is expected but should be done in a trusted/isolated environment. Minor oddity: both axios and node-fetch are listed (redundant but not malicious).
Credentials
concern: The only environment values accessed by the code are GITHUB_TOKEN and ALGORA_API_KEY, which are proportionate to the stated functionality. However, the registry metadata claimed 'Required env vars: none' while SKILL.md and the code ask the user to create a .env file with both tokens. This omission in the metadata is a security/usability concern because users may not realize that credentials are needed to run authenticated scans.
Persistence & Privilege
ok: The skill does not request persistent/privileged platform presence (always: false). It does not modify other skills or system-wide agent settings. It runs as a CLI library and only uses environment variables and outbound API calls; autonomous invocation settings are default and unremarkable.