Skill v1.0.5

ClawScan security

ghost cms · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign, Mar 10, 2026, 4:31 AM
Verdict
benign
Confidence
medium
Model
gpt-5-mini
Summary
The skill appears to do what it says (manage Ghost via the Admin API); requested artifacts and code are generally proportionate, with a few minor oddities and a small robustness bug but no clear misdirection or exfiltration behavior.
Guidance
This skill is coherent with its Ghost CMS purpose, but review these before installing:
(1) You must provide a JSON config file containing api_url and the Admin API Key (id:secret); store that file securely and do not commit it to source control.
(2) The script will download external image URLs you provide and re-upload them to your Ghost instance; avoid passing untrusted URLs, since each one becomes an outbound request from your machine.
(3) Examples and one conditional branch are specific to a sample domain (fu-ye.com) and example file paths; replace those with your own.
(4) The scripts call requests and pyjwt; install those packages in an isolated environment (virtualenv) and inspect scripts/ghost.py yourself before use, because the distributed listing contains a small truncation/typo and the full file should be verified.
If you need the platform to manage credentials, consider storing the Admin API Key in a secure secret store instead of a filesystem file.
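The following is an added example, not the skill's own scripts/ghost.py and not ClawHub code, showing how guidance items (1) and (2) look when enforced in code, in Python because that is what the skill's scripts use. It assumes the documented config shape (a JSON file with api_url and admin_api_key in Ghost's id:secret form), refuses a config file that other users can read, and mints the Ghost Admin API JWT (HS256, kid header, five-minute expiry, aud /admin/) with the standard library instead of pyjwt so it runs offline. The key, config values and allowed host are constructed; no HTTP request is made.

```python
# Added example, not the skill's scripts/ghost.py: hardened config loading,
# Ghost Admin API token minting and an image-URL allowlist. All values are constructed.
import base64
import hashlib
import hmac
import ipaddress
import json
import os
import stat
import tempfile
import time
from urllib.parse import urlparse

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def load_config(path: str) -> dict:
    """Load the JSON config; refuse files that group or other can read."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        raise PermissionError(f"{path} is mode {oct(mode)}, expected 0600")
    with open(path, encoding="utf-8") as fh:
        cfg = json.load(fh)
    if not isinstance(cfg, dict) or not all(isinstance(cfg.get(k), str) and cfg[k] for k in ("api_url", "admin_api_key")):
        raise ValueError("config needs non-empty string fields api_url and admin_api_key")
    key_id, sep, secret_hex = cfg["admin_api_key"].partition(":")
    if not (sep and key_id):
        raise ValueError("admin_api_key must be in Ghost's 'id:secret' form")
    bytes.fromhex(secret_hex)  # Ghost issues the secret as hex; fail early otherwise
    return cfg

def make_admin_token(admin_api_key: str, now=None) -> str:
    """Mint the five-minute HS256 JWT the Ghost Admin API expects (kid = key id)."""
    key_id, _, secret_hex = admin_api_key.partition(":")
    iat = int(time.time() if now is None else now)
    header = {"alg": "HS256", "typ": "JWT", "kid": key_id}
    payload = {"iat": iat, "exp": iat + 300, "aud": "/admin/"}
    signing_input = ".".join(
        _b64url(json.dumps(p, separators=(",", ":")).encode()) for p in (header, payload))
    sig = hmac.new(bytes.fromhex(secret_hex), signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{_b64url(sig)}"

def verify_admin_token(token: str, admin_api_key: str, now=None):
    """Return the payload if signature, kid, audience and expiry all check out, else None."""
    key_id, _, secret_hex = admin_api_key.partition(":")
    try:
        head_b64, body_b64, sig_b64 = token.split(".")
        header, payload = (json.loads(_b64url_decode(p)) for p in (head_b64, body_b64))
        sig = _b64url_decode(sig_b64)
    except ValueError:
        return None
    if not isinstance(header, dict) or not isinstance(payload, dict):
        return None
    expected = hmac.new(bytes.fromhex(secret_hex), f"{head_b64}.{body_b64}".encode(), hashlib.sha256).digest()
    current = int(time.time() if now is None else now)
    if (not hmac.compare_digest(expected, sig) or header.get("alg") != "HS256"
            or header.get("kid") != key_id or payload.get("aud") != "/admin/"
            or current >= int(payload.get("exp", 0))):
        return None
    return payload

def image_url_allowed(url: str, allowed_hosts) -> bool:
    """Gate for the download-then-re-upload path: https, allowlisted host, no IP literals."""
    parts = urlparse(url)
    if parts.scheme != "https" or not parts.hostname:
        return False
    try:
        ipaddress.ip_address(parts.hostname)
        return False  # bare addresses (e.g. a cloud metadata endpoint) never pass
    except ValueError:
        return parts.hostname in allowed_hosts

def demo() -> dict:
    """Exercise the checks with a constructed key and config (not real credentials)."""
    key = "6499a1b2c3d4e5f60718293a:" + "ab" * 32  # constructed id:secret, hex secret
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "ghost.json")
        with open(path, "w", encoding="utf-8") as fh:
            json.dump({"api_url": "https://blog.example.com", "admin_api_key": key}, fh)
        os.chmod(path, 0o644)  # world-readable: must be refused
        try:
            load_config(path)
            results["loose_perms_rejected"] = False
        except PermissionError:
            results["loose_perms_rejected"] = True
        os.chmod(path, 0o600)
        cfg = load_config(path)
    token = make_admin_token(cfg["admin_api_key"], now=1_700_000_000)
    results["payload"] = verify_admin_token(token, key, now=1_700_000_100)
    results["expired"] = verify_admin_token(token, key, now=1_700_000_300)
    results["wrong_secret"] = verify_admin_token(token, key[:-2] + "cd", now=1_700_000_100)
    results["urls"] = [image_url_allowed(u, {"cdn.example.com"}) for u in (
        "https://cdn.example.com/hero.png", "http://cdn.example.com/hero.png",
        "https://169.254.169.254/latest/meta-data/", "https://attacker.example.org/hero.png")]
    return results
```

Calling demo() runs every check end to end. The allowlist rejects IP literals outright and only matches hostnames, so it does not defend against an allowlisted name that resolves to an internal address; if that matters, resolve the host and check the resulting address before connecting. The permission check is a floor, not a substitute for the secret store the guidance recommends.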

Review Dimensions

Purpose & Capability
note: Name/description (Ghost Admin API client) match the included code and instructions. The skill expects a JSON config file containing api_url and admin_api_key rather than environment variables; that is a legitimate design choice but differs from many skills that declare required env vars. Some sample paths and a hardcoded domain ('fu-ye.com') appear to be leftover from the original author's environment and are not necessary for general use.
Instruction Scope
ok: SKILL.md and the code keep to Ghost management tasks (create/update/delete/list posts, upload images). The runtime instructions explicitly require a user-provided JSON config file and instruct installing only requests and pyjwt. The code will download remote images when given external image URLs (to re-upload them), which is consistent with the stated 'localize upload' behavior; this means the script can make arbitrary outbound HTTP GET requests for images if the user supplies external URLs.
Install Mechanism
ok: There is no automated install spec; the skill is instruction-and-script only. Dependencies are installed via pip as documented in SKILL.md (requests, pyjwt). No downloads from untrusted arbitrary URLs or archive extraction were found in the provided files.
Credentials
note: The skill requests no platform environment variables, relying instead on a local JSON config file containing the Admin API Key (id:secret). That is proportionate to the stated purpose. However, the registry metadata does not declare this config requirement as a required credential, which is a minor metadata mismatch the user should be aware of.
Persistence & Privilege
ok: The skill does not request always:true and does not modify other skills or global agent configuration. It runs as an on-demand script and examples show importing the local script; no persistent or elevated privileges are requested.