Skillv1.0.0

ClawScan security

MoltShell Vision Engine · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

BenignMar 4, 2026, 11:02 PM

Verdict: benign
Confidence: medium
Model: gpt-5-mini
Summary: The skill is internally consistent with its stated purpose (routing image URLs to MoltShell for vision analysis) but has a few minor documentation/metadata mismatches and inherent privacy considerations to review before installing.
Guidance: This skill appears to do what it says: it sends a provided image URL and a prompt to MoltShell (moltshell.xyz) and returns a text description. Before installing, consider: 1) Privacy: any image URL you pass will be fetched by MoltShell — do not pass URLs that point to private/internal resources or contain sensitive data. 2) Credentials: the skill can use MOLTSHELL_API_KEY for production (SKILL.md documents this), but the registry metadata does not list that env var; set the key only if you trust MoltShell. 3) Agent identifier: the skill may add an x-openclaw-bot-id header using OPENCLAW_AGENT_ID or OPENCLAW_BOT_ID (or a generated UUID); if you want to avoid exposing an agent identifier to the external service, do not set those env vars. 4) Quota: the public sandbox key is limited and will return 402 when exhausted. If you rely on this skill in production, create and use your own MoltShell API key and review MoltShell's privacy/security policy. If you need more certainty, ask the publisher for an explicit list of environment variables and a privacy policy for the MoltShell service.

Review Dimensions

Purpose & Capability: okThe name/description promise (give a text-based agent the ability to see/describe images) matches the implementation: the code POSTs the image URL and prompt to MoltShell endpoints, polls for a job result, and returns a text description. The included endpoints (moltshell.xyz) and service_id are consistent with the stated MoltShell integration.
Instruction Scope: noteSKILL.md and the code restrict operations to submitting the image URL and prompt to MoltShell and polling for results. However, the skill sends the provided image URL off-platform (to moltshell.xyz) — if the URL points to internal or sensitive resources that could be fetched by MoltShell, that may expose data (SSRF / data exfiltration risk inherent to remote image fetch). The SKILL.md explicitly asks for a public URL, which is appropriate guidance.
Install Mechanism: okNo install spec is present (instruction-only skill). There is a code file included (index.ts) which will run in the agent runtime, but there are no downloads or external installers, so no high-risk install behavior is present.
Credentials: concernThe skill optionally uses MOLTSHELL_API_KEY for production (documented in SKILL.md and referenced by the code) but the registry metadata shows 'Required env vars: none' and 'Primary credential: none' — a metadata mismatch. The code also reads OPENCLAW_AGENT_ID / OPENCLAW_BOT_ID (to set x-openclaw-bot-id) but those env vars are not declared in the registry metadata or SKILL.md. These are minor inconsistencies but worth noting because they affect privacy (agent id header) and configuration.
Persistence & Privilege: okThe skill does not request always:true and does not modify other skills or system configs. It only reads a small set of environment variables and generates a session UUID fallback; this level of presence is appropriate for its function.