Back to skill
Skillv1.0.0
ClawScan security
Industry Research · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
SuspiciousMar 23, 2026, 7:30 PM
- Verdict
- suspicious
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill's runtime instructions rely on external CLIs and an Ahrefs API key, but the package metadata declares no required binaries or environment variables — the manifest and instructions are inconsistent.
- Guidance
- Do not install blindly — the skill's instructions expect an Ahrefs API key and external CLIs (exa.js, firecrawl.js, and optional MCP tools) but the manifest doesn't declare them. Before using: (1) Confirm whether you want to provide AHREFS_API_KEY and issue a limited-scope token if possible; (2) Ensure exa.js and firecrawl.js (and mcporter/MCP if used) are installed from trusted sources, or update the manifest to include explicit install instructions; (3) Review any .agents/product-marketing-context.md or .claude/product-marketing-context.md files the agent may read for sensitive data and remove secrets; (4) Be aware the skill will write output to .agents/industry-research-{client}.md — verify that location is acceptable; (5) Ask the maintainer to update the skill metadata to list required binaries, required env vars (AHREFS_API_KEY), and any config paths, or decline installation until those inconsistencies are resolved. If you cannot verify these items, run the skill in an isolated/sandboxed environment with least-privilege credentials.
Review Dimensions
- Purpose & Capability
- concernThe SKILL.md explicitly orchestrates Ahrefs, Firecrawl, and Exa (including mcporter/MCP usage and Ahrefs REST API), which legitimately require an AHREFS_API_KEY and presence of exa.js/firecrawl.js/built tools. The registry metadata, however, lists no required binaries, no required env vars, and no install spec. That mismatch is disproportionate and unexplained.
- Instruction Scope
- concernRuntime instructions instruct the agent to (1) read local files (.agents/product-marketing-context.md or .claude/product-marketing-context.md) if present, (2) run external commands (exa.js, firecrawl.js, mcporter/MCP), (3) call Ahrefs endpoints with Authorization: Bearer $AHREFS_API_KEY, and (4) write an output artifact into .agents/industry-research-{client}.md. Reading local context files and calling external tooling is reasonable for research, but the instructions reference resources (env var and binaries) not declared in the skill metadata and thus grant the agent broad, vaguely-specified discretion.
- Install Mechanism
- noteThis is an instruction-only skill (no install spec), which is low-risk in isolation. However, the instructions depend on third-party CLIs (exa.js, firecrawl.js) and optionally an MCP server; because there's no install spec, the skill assumes those tools already exist on the host. That implicit dependency increases operational risk and should be made explicit in the manifest.
- Credentials
- concernThe SKILL.md requires using AHREFS_API_KEY (Authorization: Bearer $AHREFS_API_KEY) if MCP is unavailable, but the skill metadata lists no required environment variables or primary credential. This is a clear mismatch — a secret is referenced at runtime but not declared. The skill may also access local context files which can contain sensitive information; those accesses are not declared as config paths.
- Persistence & Privilege
- notealways is false and the skill does not request persistent system privileges. It will read local product-marketing-context files and write an artifact to .agents/industry-research-{client}.md; this is reasonable for its purpose but does constitute file read/write access to the agent workspace and may expose sensitive client data. The skill does not modify other skills or global agent settings.