Skill v1.0.0
ClawScan security
Nyne Enrichment · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Review · Feb 20, 2026, 8:09 AM
- Verdict: Review
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill appears to implement a plausible Nyne person-enrichment integration, but the SKILL.md asks for credentials and shell tooling that the registry metadata does not declare, and its instructions allow sending enriched PII to arbitrary callback URLs and echo (masked) secrets to stdout. These inconsistencies and data-exfiltration vectors warrant caution.
- Guidance: Before installing or enabling this skill:
  1) Verify the skill's origin (owner and homepage are missing); if you don't recognize the publisher, be cautious.
  2) Expect to provide NYNE_API_KEY and NYNE_API_SECRET; ensure you trust Nyne and understand its billing and PII policies.
  3) The SKILL.md examples use curl, jq, and python3; ensure your agent environment provides these or update the instructions.
  4) Avoid supplying an untrusted callback_url: doing so will send enriched personal data to that endpoint.
  5) Remove or avoid commands that echo secrets (even masked) into logs.
  6) Consider the legal and privacy implications of enriching personally identifiable information (emails, phones).
  7) Ask the publisher to fix the registry metadata to list required env vars and binaries, and to document any data retention or webhook behaviors.
  If you cannot confirm the publisher and resolve these inconsistencies, do not grant API credentials to the skill.
Review Dimensions
- Purpose & Capability: concern. The name/description (person enrichment) matches the instructions and API endpoints. However, the registry metadata claims no required env vars or binaries, while SKILL.md requires NYNE_API_KEY and NYNE_API_SECRET and relies on curl, jq, and python3. That mismatch is an incoherence between declared requirements and actual runtime needs.
- Instruction Scope: concern. Instructions direct the agent to POST to and poll Nyne endpoints, display all returned data (including PII), and optionally use a callback_url webhook. The callback_url parameter enables delivering results to arbitrary endpoints (a potential exfiltration channel if misused). The examples also echo a masked API key/secret to stdout, which risks accidental leakage into logs. The nyne_parse helper runs python3 to sanitize JSON, which is expected but not declared in the registry.
- Install Mechanism: ok. There is no install spec (instruction-only), which minimizes install-time risk. However, the runtime examples require standard CLI tools (curl, jq, python3) that the registry did not list as required binaries; that operational mismatch should be corrected but is not an install-level red flag.
- Credentials: concern. Requesting an API key and secret (NYNE_API_KEY, NYNE_API_SECRET) is proportionate to using a paid enrichment API. But the registry metadata shows 'none' for required env vars while SKILL.md requires two secrets; this inconsistency is suspicious. Also, the instructions show a partial echo of secret values (even masked), which could surface secrets to logs.
- Persistence & Privilege: ok. The skill is user-invocable and not always-on; it does not request persistent platform privileges or modify other skills. No elevated persistence or 'always: true' behavior is present.
