Skill v1.0.0
ClawScan security
HK-101 Living RAG · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Feb 12, 2026, 3:05 AM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill is a simple local RAG that reasonably needs an OpenAI key and access to a docs folder, but the package metadata omits the declared OPENAI_API_KEY requirement and the instructions allow reading arbitrary local files — these inconsistencies and privacy risks should be clarified before install.
- Guidance: This skill appears to implement a straightforward local RAG, which legitimately needs an OpenAI API key and access to a docs folder. Before installing: (1) confirm the registry metadata is updated to list OPENAI_API_KEY (the SKILL.md requires it but the manifest does not), (2) decide and restrict which docsPath will be used (avoid pointing it at broad/system folders to prevent accidental exposure of secrets), and (3) if you will supply an OPENAI_API_KEY, consider scoping or using a key with limited quota/permissions. If you need stronger assurance, ask the publisher for a full description and example run, and for explicit limits on which filesystem paths the skill will read.
Review Dimensions
- Purpose & Capability (note): SKILL.md describes a local RAG over markdown/text — that purpose aligns with needing an API key to call models and access to a docsPath. However the registry metadata lists no required env vars while the runtime instructions explicitly say 'Requires: OPENAI_API_KEY in env', which is an internal inconsistency.
- Instruction Scope (note): Instructions are short and focused: take a query, look in docsPath (default ./docs), return top-k matches and a synthesized answer. This stays within the stated purpose, but it authorizes reading arbitrary files under the docsPath without guidance or safeguards — that can expose sensitive local content if the docsPath is broad or mis-set.
- Install Mechanism (ok): Instruction-only skill with no install spec and no code files — minimal install risk (nothing is downloaded or written to disk by the skill itself).
- Credentials (note): The skill only needs an OPENAI_API_KEY (reasonable for RAG). But the manifest metadata does not declare this env var while SKILL.md does, creating an unexpected credential requirement that should be corrected/confirmed.
- Persistence & Privilege (ok): Skill does not request always:true and is user-invocable with normal autonomous invocation allowed — no elevated persistence or cross-skill config access is requested.
