Skill v1.0.0

ClawScan security

Content Research - MCB AI · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious (Apr 5, 2026, 8:27 AM)
Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary
The skill's purpose (web research) matches its behavior, but the runtime instructions reference local secrets and platform-specific commands that are not declared in the skill metadata — this mismatch warrants caution.
Guidance
This skill appears to do what it claims (search Brave + call Tavily) but it currently omits declaring the Tavily API key and instructs the agent to read ~/.openclaw/.env and run PowerShell. Before installing, ask the publisher to: (1) update metadata to list required env vars (TAVILY_API_KEY, and any Brave key) so you know what secrets are needed; (2) avoid reading plaintext ~/.openclaw/.env — prefer the platform secret store or an explicit opt-in; (3) provide cross-platform (non-PowerShell) instructions or detect OS before running shell commands; and (4) document how Tavily responses are used and whether any user data is sent to third parties. If you are uncomfortable with an agent reading files in your home directory or sending requests to an external API using a secret, do not install. If you proceed, only provide the minimum-scoped API key and consider restricting autonomous invocation until you’ve reviewed behavior in a controlled setting.

Review Dimensions

Purpose & Capability
Note: The skill's stated goal (find trending content via Brave + Tavily) aligns with the instructions, which use the built-in web_search and an external Tavily API. However, the skill metadata does not declare the Tavily API key or any primary credential, even though SKILL.md and README instruct the agent to read and use TAVILY_API_KEY. That discrepancy suggests incomplete metadata rather than outright malicious intent.
Instruction Scope
Concern: SKILL.md explicitly instructs the agent to read ~/.openclaw/.env and extract TAVILY_API_KEY, then run PowerShell Invoke-RestMethod to call https://api.tavily.com/search. Reading a user's home .env file and executing platform-specific shell commands expands the skill's access surface beyond simple web search. While these actions are explainable for contacting Tavily, they access local files and use exec instructions that should be declared and constrained.
Install Mechanism
OK: No install spec or bundled code is provided (instruction-only), so nothing will be downloaded or written to disk by the registry install process. This is the lower-risk install pattern.
Credentials
Concern: The skill requires an API key for Tavily (and references Brave config) in practice, but requires.env and primary credential are left empty in metadata. The instructions also show reading a plaintext ~/.openclaw/.env file to obtain the key. Requiring local access to a secrets file without declaring it is disproportionate and a transparency issue.
Persistence & Privilege
OK: The skill is not always-enabled and is user-invocable; autonomous invocation remains enabled (platform default). That combination is normal. Note: autonomous invocation plus access to external APIs/secret material increases blast radius, but this alone is not unusual and does not change the verdict.