Skill v1.0.0
ClawScan security
Lap Alexa For Business · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Apr 27, 2026, 10:08 AM
- Verdict: suspicious
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's documentation and the single secret it requests (ALEXA_FOR_BUSINESS_API_KEY) are inconsistent with how the Alexa For Business / AWS APIs actually authenticate, which suggests either sloppy or auto-generated instructions or deliberate misdirection. Proceed with caution and do not hand over AWS credentials without clarification.
- Guidance: Do not provide AWS credentials or long-lived keys to this skill as-is. The SKILL.md contains clear technical inaccuracies (wrong auth model, X-Amz-Target placed in the URL instead of a header, an http:// base URL) that suggest it was auto-generated or incorrectly documented. Ask the maintainer to explain: (1) exactly what ALEXA_FOR_BUSINESS_API_KEY is and how it is issued and scoped, (2) why SigV4 signing with AWS credentials and a region is not required, and (3) why requests would use plain HTTP and encode X-Amz-Target in the URL. Prefer the official AWS SDK/CLI or a verified integration for Alexa For Business tasks. If you must test this skill, use least-privilege, short-lived credentials (for example, an assumed role with a tightly restricted policy), monitor CloudTrail and agent logs while it runs, and revoke the credentials afterwards; otherwise avoid installing it until the inconsistencies above are resolved.
Review Dimensions
- Purpose & Capability (concern): The skill claims to call Alexa For Business (an AWS service) but asks only for a single ALEXA_FOR_BUSINESS_API_KEY. AWS APIs, Alexa For Business included, require AWS credentials and SigV4 request signing (access key ID, secret access key, region, and a session token for temporary credentials), normally supplied through the AWS SDK or CLI; a bare API key is not a documented authentication method for this service. The requested environment variable does not match the platform's expected credentials, so the stated purpose and the required secret are mismatched.
- Instruction Scope (concern): SKILL.md contains several protocol and usage inaccuracies. It claims 'ApiKey Authorization in header'; it lists endpoints that place X-Amz-Target in the URL after a '#' (e.g. POST /#X-Amz-Target=AlexaForBusiness.ApproveSkill) rather than sending it as an HTTP header, and a URL fragment is never even transmitted to the server; and it uses an http:// base URL instead of https://. AWS JSON APIs are called over HTTPS with X-Amz-Target as a request header. The instructions also reference actions (creating schedules that deliver reports to S3) that imply broader AWS permissions, yet they request no credentials for them. The prose gives no clear, safe runtime steps for authenticating or sending requests, and could mislead a user into supplying inappropriate secrets.
- Install Mechanism (ok): This is instruction-only (no install spec, no code files), which reduces disk and write risk because nothing is downloaded or installed automatically. Instruction-only content can still ask for secrets or direct the agent to make network requests, so the absence of install operations is not by itself sufficient to make it safe.
- Credentials (concern): Only a single environment variable, ALEXA_FOR_BUSINESS_API_KEY, is required, which is inconsistent with the AWS/Alexa For Business API surface. If the skill actually expects a long-lived AWS access key ID and secret access key presented as an 'API key', users could be tricked into handing over highly privileged credentials. The skill does not request a region, AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, or a session token, all of which are normally required, which is suspicious.
- Persistence & Privilege (ok): The skill is not always-enabled and uses default autonomy settings (the agent may invoke it), which is normal. There is no evidence that it requests persistent modification of agent or system configuration or of other skills' settings.
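
An added example, not code from the skill, from ClawHub or from AWS, tying together the Purpose, Instruction Scope and Credentials findings above: it builds a correctly formed Alexa For Business request (SigV4 over HTTPS, with X-Amz-Target sent as a header), runs checks that flag the http:// base URL, the X-Amz-Target-in-URL pattern and the 'ApiKey' claim quoted from the SKILL.md, and tells an AWS access key ID apart from an opaque 'API key' before it is handed over. It assumes the SigV4 signing name a4b and the endpoint host pattern a4b.<region>.amazonaws.com, uses a constructed base URL and a constructed ApproveSkill body (the SkillId field name is an assumption), and signs with the AWS documentation's well-known placeholder key pair. Nothing is sent over the network.

```python
# Added example (not the skill's or ClawHub's code). Assumptions: signing name
# "a4b", host pattern "a4b.<region>.amazonaws.com", body field "SkillId".
import hashlib
import hmac
import re
from typing import Optional
from urllib.parse import urlsplit


def _hmac_sha256(key: bytes, msg: str) -> bytes:
    return hmac.new(key, msg.encode("utf-8"), hashlib.sha256).digest()


def _sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def signing_key(secret_key: str, date_stamp: str, region: str, service: str) -> bytes:
    """SigV4 key derivation: kSecret -> kDate -> kRegion -> kService -> kSigning."""
    k_date = _hmac_sha256(("AWS4" + secret_key).encode("utf-8"), date_stamp)
    k_region = _hmac_sha256(k_date, region)
    k_service = _hmac_sha256(k_region, service)
    return _hmac_sha256(k_service, "aws4_request")


def sign_json_request(access_key: str, secret_key: str, region: str, target: str,
                      body: str, amz_date: str, session_token: Optional[str] = None,
                      service: str = "a4b") -> dict:
    """Build a SigV4-signed AWS JSON 1.1 request: POST /, target in a header.

    amz_date is the ISO basic timestamp (e.g. 20260427T100800Z). The request
    is returned rather than sent, so this runs offline.
    """
    host = f"{service}.{region}.amazonaws.com"  # assumed endpoint pattern
    date_stamp = amz_date[:8]
    headers = {
        "content-type": "application/x-amz-json-1.1",
        "host": host,
        "x-amz-date": amz_date,
        "x-amz-target": target,  # the action goes here, never in the URL
    }
    if session_token:  # temporary (STS) credentials also carry a session token
        headers["x-amz-security-token"] = session_token
    names = sorted(headers)  # canonical form: lowercase names, sorted
    signed_headers = ";".join(names)
    canonical_headers = "".join(f"{n}:{headers[n].strip()}\n" for n in names)
    canonical_request = "\n".join([
        "POST", "/", "",                     # method, path, empty query string
        canonical_headers, signed_headers,
        _sha256_hex(body.encode("utf-8")),   # hashed payload
    ])
    scope = f"{date_stamp}/{region}/{service}/aws4_request"
    string_to_sign = "\n".join([
        "AWS4-HMAC-SHA256", amz_date, scope,
        _sha256_hex(canonical_request.encode("utf-8")),
    ])
    signature = hmac.new(signing_key(secret_key, date_stamp, region, service),
                         string_to_sign.encode("utf-8"), hashlib.sha256).hexdigest()
    headers["authorization"] = (f"AWS4-HMAC-SHA256 Credential={access_key}/{scope}, "
                                f"SignedHeaders={signed_headers}, Signature={signature}")
    return {"method": "POST", "url": f"https://{host}/", "headers": headers, "body": body}


# Patterns quoted from the SKILL.md by the scanner; the base URL is constructed.
SKILL_BASE_URL = "http://a4b.us-east-1.amazonaws.com"
SKILL_ENDPOINT = "POST /#X-Amz-Target=AlexaForBusiness.ApproveSkill"
SKILL_AUTH_CLAIM = "ApiKey Authorization in header"


def lint_skill_doc(base_url: str, endpoint: str, auth_claim: str) -> list:
    """Flag documentation patterns that do not match how AWS JSON APIs work."""
    findings = []
    if urlsplit(base_url).scheme != "https":
        findings.append("base URL is not https")
    url_part = endpoint.split(" ", 1)[-1]  # drop the HTTP method
    if "X-Amz-Target=" in urlsplit(url_part).fragment:
        findings.append("X-Amz-Target is in a URL fragment, which the client never sends")
    elif "X-Amz-Target=" in url_part:
        findings.append("X-Amz-Target is in the URL instead of an HTTP header")
    if "apikey" in auth_claim.lower().replace(" ", "").replace("-", ""):
        findings.append("claims API-key auth; AWS requires SigV4 with access key, secret and region")
    return findings


def classify_secret(value: str) -> str:
    """Spot an AWS access key ID being passed off as an opaque 'API key'."""
    if re.fullmatch(r"AKIA[0-9A-Z]{16}", value):
        return "aws-long-term-access-key-id"
    if re.fullmatch(r"ASIA[0-9A-Z]{16}", value):
        return "aws-temporary-access-key-id"
    return "opaque"


if __name__ == "__main__":
    req = sign_json_request("AKIAIOSFODNN7EXAMPLE", "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY",
                            "us-east-1", "AlexaForBusiness.ApproveSkill",
                            '{"SkillId": "amzn1.ask.skill.example"}', "20260427T100800Z")
    print(req["url"], req["headers"]["authorization"])
    print(lint_skill_doc(SKILL_BASE_URL, SKILL_ENDPOINT, SKILL_AUTH_CLAIM))
    print(classify_secret("AKIAIOSFODNN7EXAMPLE"))
```

The signed request shows what a single "API key" cannot produce: the Authorization value is bound to the access key ID, the date, the region, the service and a hash of the exact body and headers, so a secret, a region and (for temporary credentials) a session token are all needed. The lint function reproduces the three findings of this review mechanically, and classify_secret is the check to run before setting ALEXA_FOR_BUSINESS_API_KEY: if the value starts with AKIA or ASIA it is an AWS access key ID, not an API key, and the Credentials concern above applies.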
