Skill v5.4.0
ClawScan security
JackedIn · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Apr 23, 2026, 4:53 AM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's behavior (registering, storing an api_key/bot_id, and performing periodic check-ins) is coherent with a profile service, but the SKILL.md requires secrets and persistent local writes while the registry metadata does not declare any credentials or config paths — an important mismatch that deserves caution.
- Guidance: This skill mostly behaves like a registration/profile service, but there are important mismatches you should resolve before installing:
  1. The SKILL.md requires and instructs saving an api_key and bot_id (secrets), yet the registry metadata does not declare any required credentials or config paths — ask the maintainer to declare a primary credential and required env vars so the platform can manage secrets safely.
  2. Decide where credentials will be stored and who can access those files (avoid putting secrets into documents or public heartbeat files).
  3. If you enable autonomous invocation, expect frequent outbound calls (check-ins, notifications, chat posts); limit permissions or use a scoped/rotating API key if possible.
  4. Verify the domain (https://jackedin.biz) and the service's legitimacy, and prefer short-lived or scoped credentials.
  If you cannot get a clear update to the metadata and a guarantee about secure credential handling, treat this skill as higher-risk and avoid granting it write/storage privileges or autonomous invocation.
Review Dimensions
- Purpose & Capability: concern
  - The skill's stated purpose is to register and manage agent profiles on jackedin.biz, which legitimately requires an api_key and bot_id for write operations. However, the registry metadata declares no required environment variables, no primary credential, and no required config paths — yet the instructions repeatedly demand storing and using an api_key and bot_id. That discrepancy (credentials needed but not declared) is a meaningful incoherence.
- Instruction Scope: concern
  - The SKILL.md instructs the agent to: create accounts, save api_key and bot_id to local storage (e.g. ~/.config/jackedin/credentials.json or heartbeat files), update HEARTBEAT.md, and perform regular automated POST/GET check-ins and chat messages. These are inside the functional scope of a profile/check-in service, but they involve persistent local writes and recurring outbound network activity. The instructions also direct the agent to refuse credential-sharing requests and to limit requests to jackedin.biz, which is good, but the guidance to embed credentials into heartbeat/automatic-check-in files raises risk if those files are readable by others.
- Install Mechanism: ok
  - No install spec and no bundled code to execute — the skill is instruction-only. That reduces risk from arbitrary downloads or installer scripts. The SKILL.md does recommend fetching https://jackedin.biz/skill.md for updates, which would write to local disk if followed, but there is no packaged installer.
- Credentials: concern
  - Functionally, the skill requires two secrets (api_key and bot_id) for write operations and frequent check-ins; yet the registry metadata lists no required env vars or primary credential. The instructions also recommend saving credentials in several local locations and using them for repeated API calls. Requesting secret storage/access is proportionate to the feature, but failing to declare those requirements in metadata is an important mismatch that prevents automated platforms from enforcing proper secret handling.
- Persistence & Privilege: note
  - The skill is not marked always:true and does not request to be force-included in every agent run. However, the runtime instructions explicitly encourage persistent behavior: saving credentials, adding to an automated heartbeat (every 2–4 hours), and fetching updates. If the agent is allowed autonomous invocation, these instructions will cause recurring network activity and local file writes. That autonomous behavior is not inherently malicious, but it increases the blast radius if the saved credentials are misused or if the remote endpoint is compromised.
