Skill v2.0.1

ClawScan security

Run402 Test · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Mar 11, 2026, 9:44 PM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini

Summary
The skill's declared metadata and README don't mention reading local config, but the included script silently reads ~/.config/run402/projects.json to obtain service keys and uses them to call the provider API — an undeclared access to local credentials that should be clarified before use.

Guidance
Before installing or running this skill: (1) Inspect ~/.config/run402/projects.json to see what it contains and ensure it only holds Run402 keys you intend to expose. (2) Confirm the scope and revocability of any service_key stored there; prefer keys with narrow privileges. (3) Ask the publisher to update SKILL.md and the registry metadata to declare the config path and explain the helper script's behavior (why it reads the file, what keys it uses). (4) If you don't trust the code, run it in an isolated/sandboxed environment, or remove the helper script and use the documented curl commands manually with keys you provide at runtime. (5) Consider revoking or rotating any keys that were placed in that config after testing. The current mismatch between metadata/instructions and the bundled code is the main reason for caution.

Review Dimensions

Purpose & Capability: concern
The skill claims to help provision and use Run402 databases, which is consistent with the included helper script that posts SQL to the Run402 admin API. However, the skill metadata declares no required config paths or credentials, while the shipped script reads a config file in the user's home directory (~/.config/run402/projects.json) to extract service_key. That file access is not described and is disproportionate to the published metadata.

Instruction Scope: concern
SKILL.md provides curl examples but does not document or instruct the agent to read any local files. The bundled sql2.mjs script (not referenced in SKILL.md) reads a local config file, extracts a service key, and posts SQL. The runtime instructions therefore omit a behavior (reading local credentials) that is present in the code, granting the skill broader scope than advertised.

Install Mechanism: ok
No install spec is included (instruction-only plus a small helper script). Nothing is downloaded or installed automatically, which minimizes install-time risk.

Credentials: concern
The skill does not declare any required environment variables or config paths, but the script reads a per-user config file containing project IDs and service keys. Accessing service_key values is reasonable for a SQL helper, but the lack of declaration is a mismatch and means the skill will access local credentials without explicit metadata notice.

Persistence & Privilege: ok
The skill is not always-enabled and does not request elevated or persistent platform privileges, nor does it modify other skills or system-wide settings.