Skill v1.0.0

ClawScan security

ClawHub Skill: Bandwidth Income · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Reviewed: Feb 25, 2026, 1:11 AM
Verdict: Review
Confidence: medium
Model: gpt-5-mini
Summary
The skill's instructions are consistent with setting up bandwidth-sharing nodes, but the package metadata omits the many credentials and host-level accesses the runtime instructions require, and it directs running high-privilege Docker containers; verify image provenance and secrets handling before installing.
Guidance
This skill appears to do what it says (deploy and monitor bandwidth-sharing nodes), but there are important risks and omissions to consider before installing:
1) The SKILL.md expects you to provide many credentials (email/passwords, auth tokens, Ethereum wallet info), but the skill metadata does not declare these; treat any secret you enter as sensitive.
2) The instructions pull and run third-party Docker images (mrcolorrain/grass, mysteriumnetwork/myst, storjlabs/storagenode, honeygain/honeygain); verify each image's official source and tags before running, and pin each image by its immutable content digest (image@sha256:...) rather than a mutable tag such as :latest.
3) Containers are run with port mappings, mounted host paths, and the NET_ADMIN capability. These increase privilege and can expose your host; run in an isolated VM or on a dedicated machine, not on a production host.
4) For wallets and staking keys, use dedicated wallets with minimal funds and consider hardware wallets or separate signing workflows where possible.
5) Ask the publisher for the upstream repository/homepage and image provenance; if unavailable, treat the skill as higher risk.
If you decide to proceed, run in a sandboxed environment, audit the Docker images, and supply secrets via a secure secrets manager rather than embedding them in compose files.
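Part of the pre-install audit described above can be automated before anything is pulled or started. The following is an added example, not ClawHub's scanner and not the skill's own code: a line-based check over a docker-compose file that flags the risk classes the guidance names (images not pinned by digest, privileged mode and added capabilities, host-path bind mounts, published ports, restart policies, and credentials written directly into environment). The compose text is constructed to resemble what the review describes: the image names are the four named in the review, while the digest, the credential values, and the MYST_STAKE_TOKEN variable are placeholders and assumptions, not values from the skill. It assumes the usual two-space indentation and is a heuristic, not a YAML parser.

```python
"""Triage audit of a docker-compose file for the risk classes a skill review lists.
Added example (not ClawHub's scanner, not the skill's own code). Line-based
heuristic that assumes two-space indentation; it is not a YAML parser, so treat
its output as a prompt for manual review rather than a verdict."""
import re

# Constructed sample in the shape the review describes. Image names are the ones
# the review mentions; the digest, credentials and MYST_STAKE_TOKEN are placeholders.
SAMPLE_COMPOSE = """\
services:
  grass:
    image: mrcolorrain/grass:latest
    environment:
      - GRASS_USER=alice@example.com
      - GRASS_PASS=hunter2
    restart: unless-stopped
  myst:
    image: mysteriumnetwork/myst@sha256:0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
    cap_add:
      - NET_ADMIN
    volumes:
      - ~/.mysterium:/var/lib/mysterium-node
    ports:
      - "4449:4449"
    environment:
      MYST_STAKE_TOKEN: ${MYST_STAKE_TOKEN}
  honeygain:
    image: honeygain/honeygain
    privileged: true
    environment:
      - HONEYGAIN_EMAIL=alice@example.com
      - HONEYGAIN_PASS=hunter2
"""

# Env-var names that usually carry a secret ("_USER" / "_EMAIL" are not secrets).
SECRET_NAME_RE = re.compile(r"PASS|PASSWORD|TOKEN|SECRET|KEY|WALLET", re.I)
# An image reference pinned to an immutable content digest.
DIGEST_RE = re.compile(r"@sha256:[0-9a-f]{64}$")
# "NAME=value" (list form) or "NAME: value" (mapping form) inside environment.
ENV_ITEM_RE = re.compile(r"([A-Za-z_][A-Za-z0-9_]*)\s*[=:]\s*(.*)")


def audit_compose(text):
    """Return a list of (service, severity, finding) tuples, in file order."""
    findings = []
    service = None   # service currently being read (indent 2)
    section = None   # service-level key currently being read (indent 4)
    for raw in text.splitlines():
        stripped = raw.strip()
        if not stripped or stripped.startswith("#"):
            continue
        indent = len(raw) - len(raw.lstrip())
        if indent == 0:                      # a top-level key ends the services block
            service = section = None
            continue
        if indent == 2 and stripped.endswith(":"):
            service, section = stripped[:-1], None
            continue
        if service is None or indent < 4:
            continue
        if indent == 4:                      # service-level key
            key, _, value = stripped.partition(":")
            value, section = value.strip(), key
            if key == "image" and not DIGEST_RE.search(value):
                findings.append((service, "high", f"image not pinned by digest: {value}"))
            elif key == "privileged" and value.lower() == "true":
                findings.append((service, "critical", "privileged: true"))
            elif key == "network_mode" and value == "host":
                findings.append((service, "high", "network_mode: host"))
            elif key == "restart" and value not in ("", "no"):
                findings.append((service, "low", f"restart policy {value} (persists across reboots)"))
            continue
        # indent >= 6: list item or nested mapping under `section`
        item = stripped[2:] if stripped.startswith("- ") else stripped
        if section == "cap_add":
            findings.append((service, "high", f"added capability {item}"))
        elif section == "volumes":
            src = item.split(":")[0]
            if src.startswith(("/", "~", ".")):   # named volumes have no path prefix
                findings.append((service, "medium", f"host path bind-mounted: {src}"))
        elif section == "ports":
            port = item.strip('"').strip("'")
            findings.append((service, "low", f"port published: {port}"))
        elif section == "environment":
            m = ENV_ITEM_RE.match(item)
            if m and SECRET_NAME_RE.search(m.group(1)):
                name, value = m.group(1), m.group(2).strip()
                # `${VAR}` pulls the value from the host environment or .env at
                # runtime; only a literal value counts as inlined in the file.
                if value and not value.startswith("${"):
                    findings.append((service, "critical", f"secret inlined in compose: {name}"))
    return findings


def worst_severity(findings):
    """Highest severity present, or "none" for an empty list."""
    order = {"critical": 3, "high": 2, "medium": 1, "low": 0}
    return max((f[1] for f in findings), key=order.get, default="none")


if __name__ == "__main__":
    results = audit_compose(SAMPLE_COMPOSE)
    for svc, sev, msg in results:
        print(f"{sev:8} {svc:10} {msg}")
    print("worst:", worst_severity(results))
```

On the sample the two services whose images use a tag (or no tag at all) are flagged while the digest-pinned one is not; the myst `${MYST_STAKE_TOKEN}` reference is deliberately not flagged because the value lives outside the file, which is the direction the guidance recommends. To obtain the digest to pin against, pull the image once and read it back with `docker image inspect --format '{{index .RepoDigests 0}}' IMAGE`, then compare it with the digest the publisher states before writing it into the compose file.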

Review Dimensions

Purpose & Capability
note: The name/description align with the instructions: the SKILL.md explains deploying and monitoring Grass.io, Mysterium, Storj, and Honeygain nodes via Docker and tracking earnings. The listed commands and docker-compose match the stated purpose.
Instruction Scope
concern: The runtime instructions instruct the agent/user to run Docker containers, mount host paths (e.g., ~/.mysterium), supply wallet/auth tokens as env vars, open network ports, and grant the NET_ADMIN capability. These actions go beyond innocuous monitoring (they change host networking and run containers with elevated privileges) and require careful handling of secrets and host resources.
Install Mechanism
ok: This is an instruction-only skill with no install spec or included binaries. No archives or third-party installers are fetched by the skill package itself, which reduces supply-chain risk from this package, but the instructions tell the user to pull third-party Docker images at runtime (see the Instruction Scope, Credentials, and Persistence & Privilege dimensions).
Credentials
concern: The skill metadata declares no required env vars, but SKILL.md references multiple sensitive values (GRASS_USER/GRASS_PASS, HONEYGAIN_EMAIL/HONEYGAIN_PASS, Storj auth token, ETH wallet address, staking tokens). The absence of declared required credentials in the registry metadata is an inconsistency and hides the need to supply secrets when following the instructions.
Persistence & Privilege
note: The skill does not request always:true. It recommends running containers with --restart unless-stopped (persistence) and uses capabilities like NET_ADMIN and host port mappings, which increase privilege and attack surface. Autonomous agent invocation is allowed by default; combined with the exec/web_fetch tools declared in skill.json, this could let the agent run these privileged commands if given permission.