Skill v2.0.1

ClawScan security

Karma Project Manager · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Review: Apr 1, 2026, 8:47 PM
Verdict: Review
Confidence: high
Model: gpt-5-mini
Summary
The skill appears to be a legitimate Karma API client, but its manifest omits required credentials and binaries used in the runtime instructions and the source/homepage are missing — those inconsistencies warrant caution before installing or using it.
Guidance
This skill looks functionally consistent with a Karma REST client, but several mismatches mean you should be careful before installing:

- The runtime instructions require KARMA_API_KEY and (optionally) KARMA_API_URL, and call curl and uuidgen; yet the registry metadata declares no required env vars or binaries. Ask the publisher to fix the manifest so required credentials/tools are explicit.
- The skill has no source/homepage listed and an unknown owner; prefer skills with a verifiable homepage or repo and clear publisher identity.
- The SKILL.md instructs that every request include tracking headers (X-Source, X-Invocation-Id, X-Skill-Version). Those are reasonable for telemetry, but be aware they can correlate your activity with the skill; do not use a production API key until you trust the publisher.
- Follow the skill's own guidance: configure the API key using the designated setup-agent skill rather than pasting keys into chat. If you test, use a test API key or testnet network.

What would raise my confidence: an updated registry manifest that lists KARMA_API_KEY and KARMA_API_URL as required env vars, required binaries (curl, uuidgen) documented, a publisher homepage or repo, and an explicit statement of telemetry/usage policies. If you can't get those, treat the skill as untrusted and limit its access (use a test key or avoid installation).

Review Dimensions

Purpose & Capability
concern: The SKILL.md describes a REST client for the Karma protocol (projects, grants, milestones), which matches the skill name and description. However, the manifest declares no primary credential and no required environment variables or binaries, while the instructions repeatedly reference KARMA_API_KEY and KARMA_API_URL and use runtime tools (curl, uuidgen). Those required items are logically necessary for the stated purpose but are not declared, which is an incoherence.
Instruction Scope
concern: The instructions are explicit about making POST requests to https://gapapi.karmahq.xyz and include example curl calls, required tracking headers, and guidance to confirm actions with the user. That's appropriate for an API client. The concern is that the SKILL.md reads environment variables (KARMA_API_KEY, KARMA_API_URL) and relies on uuidgen and curl, but the skill metadata does not declare these as required; the runtime instructions therefore expect access to secrets and binaries that the registry metadata does not disclose.
Install Mechanism
ok: This is an instruction-only skill with no install spec and no code files, so nothing is written to disk by an installer. That lowers install risk and matches the absence of an install specification.
Credentials
concern: The SKILL.md expects an API key (KARMA_API_KEY) and optionally KARMA_API_URL, which are standard and proportionate for an API client. But the registry lists no required env vars or primary credential. The omission is important: a user won't be warned at install time that the skill needs an API key. Also, the instructions require sending tracking headers on every request; consider whether those headers could be used to correlate activity with you.
Persistence & Privilege
ok: The skill is not always-enabled and does not request persistent system privileges. It does not claim to modify other skills' configs. Autonomous invocation is allowed (default), but that alone is not flagged; there is no persistent install artifact or elevated privilege requested.