Skill v0.2.4

ClawScan security

I'm Pretty Amazing · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Feb 22, 2026, 3:26 AM
Verdict
benign
Confidence
medium
Model
gpt-5-mini
Summary
The skill's instructions and requirements are consistent with a simple API client for imprettyamazing.com, but it asks the agent to collect and persist session cookies in plaintext and to accept user credentials/verification tokens in-chat — which are privacy-sensitive and deserve user caution.
Guidance
This skill appears to be a straightforward API client for imprettyamazing.com, but it will ask you to provide your account email and password (sent to the service) and may ask you to paste one-time verification or reset tokens into chat. It also offers to store session cookies (access/refresh tokens) in plaintext in TOOLS.md so you stay logged in. Before installing or using the skill: (1) confirm where TOOLS.md is stored and who can read it — decline persistent storage if others have access; (2) prefer ephemeral sessions (don't allow token persistence) if you're unsure; (3) avoid pasting long-lived secrets into chat — one-time codes are lower-risk but still share-sensitive; (4) consider creating an account/password distinct from your primary accounts; and (5) if you need stronger guarantees, request a version that supports OAuth or scoped API keys rather than plaintext cookie persistence. If you want me to, I can highlight exact lines in SKILL.md that perform these actions or suggest a safer token storage workflow.

Review Dimensions

Purpose & Capability
ok
Name/description match the behavior: the SKILL.md and references/api.md describe how to log in, manage wins, comments, follows, etc. There are no unrelated environment variables, binaries, or install steps requested.
Instruction Scope
concern
The runtime instructions tell the agent to read and write TOOLS.md to persist cookies and expiry metadata and to create temporary cookie files in /tmp. The registry metadata did not declare required config paths, so the SKILL.md's reliance on TOOLS.md is an unadvertised side-effect. The skill also instructs the agent to ask the user for email/password and to prompt the user to paste email verification/reset tokens into chat — both are legitimate for login flows but are privacy-sensitive operations that should be handled with care.
Install Mechanism
ok
This is an instruction-only skill with no install steps, downloads, or code files. No installation risk present.
Credentials
note
The skill requests no environment variables or external credentials up front, which is appropriate. However, it explicitly instructs collecting user email/password interactively and persisting access/refresh tokens (cookies) in plaintext in TOOLS.md if the user opts in. Requesting credentials for the service itself is proportionate, but persisting tokens in plaintext increases privacy risk.
Persistence & Privilege
note
always:false and no system-wide changes are requested. The skill does request persistent storage of session tokens in TOOLS.md (its own tool storage), which is normal for convenience but raises persistence/privacy considerations; it does not request elevated privileges or modify other skills.