Skill v1.0.0

ClawScan security

Site Deployer · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Mar 3, 2026, 6:53 PM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill's deployment steps match its stated purpose, but there are multiple inconsistencies (Notion logging without declared credentials, missing declared permissions/tools, and SKILL.md permissions not reflected in registry metadata) that should be resolved before trusting it.
Guidance
This skill mostly does what its name says (build and run Netlify deploys from local repos), but there are gaps you should resolve before installing:
- Confirm how Notion logging is supposed to work: the SKILL.md says it will create entries in a 'Deploy History' database, but the skill does not declare a Notion API token or network permission for notion.so. Ask the author where the Notion credential is expected to come from (env var, platform secret, or interactive prompt). Do not provide your Notion token until this is clarified.
- Verify Netlify credentials: the SKILL.md expects netlify-cli login. That stores credentials locally; ensure you want the agent to use your Netlify account and that the platform will enforce the approval gate before running commands that affect production.
- Check declared permissions against registry metadata: the SKILL.md requests file access to ~/soilrich-website and ~/synergy-website and uses tools like jq, but the registry metadata shows no required env vars and no required binaries. Ask the publisher to update the metadata so the platform can present accurate permission prompts.
- Confirm availability of needed tools: the logs flow uses jq, but jq is not listed in the commands; ensure jq is present or the instruction is adjusted.
- Treat rollback as destructive: the skill runs netlify rollback. Keep the explicit user-approval requirement and consider restricting who can confirm rollbacks.
If you can't get satisfactory answers to the above, run the skill in a restricted environment (or remove the Notion logging step) until the author fixes the mismatches.

Review Dimensions

Purpose & Capability
note
The skill's name/description (deploy Next.js sites to Netlify) aligns with the runtime steps (git pull, npm run build, netlify deploy) and the declared SKILL.md permissions for file access and Netlify/GitHub network access. However, the SKILL.md also requires writing a record to Notion, which is not reflected anywhere else (no Notion host in network permissions, no Notion API token declared), creating an unexplained capability.
Instruction Scope
concern
Runtime instructions ask the agent to cd into user home repos, run git/npm/netlify commands and perform rollbacks; these are expected for a deploy skill, and the SKILL.md explicitly requires user approval for deploy/rollback. But the instructions reference additional external actions/tools without justification or declaration (posting to Notion, using jq for log parsing) and request file access to specific home directories; the skill does not declare how Notion will be authenticated or where jq comes from.
Install Mechanism
ok
This is an instruction-only skill with no install spec or code files, which minimizes installation risk. The SKILL.md does reference installing netlify-cli globally via npm, but that is an expected, optional setup step and not bundled into an install script here.
Credentials
concern
Registry metadata shows no required env vars/credentials, yet the SKILL.md expects Netlify CLI authentication (which is typically stored locally) and integration with Notion (which requires an API token). Notion credentials (or any mechanism to supply them) are not declared, and the instructions use network hosts but omit notion.so and jq, indicating missing or mismatched credential and tool declarations.
Persistence & Privilege
ok
The skill is user-invocable and not always-enabled; it does not request permanent/always-on presence or modifications to other skills. That scope is appropriate for a deploy helper.