Skillv0.1.0

ClawScan security

Mulerouter · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousFeb 11, 2026, 9:30 AM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary: The code and runtime instructions match an image/video-generation router, but the package metadata, configuration declarations, and runtime behavior are inconsistent in ways that could lead to accidental secret exposure or surprising behavior; review before installing or running.
Guidance: This skill's code appears to implement a legitimate MuleRouter/MuleRun client for generating images/videos, but there are a few red flags you should consider before installing or running it: - Metadata mismatch: The skill metadata claims no required env vars, but the code and SKILL.md require MULEROUTER_API_KEY and either MULEROUTER_BASE_URL or MULEROUTER_SITE. Expect to provide an API key. - .env loading risk: The code will load a .env from the current working directory. Don't run these scripts from a directory that contains other secrets or .env files you don't want uploaded or printed. Prefer running in an isolated/sandboxed directory. - Local file upload: The tool prefers local file paths and will convert local images/videos to base64 and send them to the remote API. Only use files you are comfortable sending to the remote service. - No homepage / unknown source: There is no source/homepage or maintainer metadata. If possible, obtain a trusted upstream URL or verify the repository origin and maintainers before using API keys with this skill. - Run in a sandbox first: If you must try it, run it in a controlled environment (isolated container or VM) with a throwaway API key and minimal local files to confirm behavior. If you want to proceed safely, ask the publisher for a homepage or source repo, ensure the API endpoint is the official MuleRouter/MuleRun endpoint you expect, and avoid running the skill from directories that contain unrelated .env files or secrets.

Review Dimensions

Purpose & Capability: concernThe SKILL.md and code clearly expect an API key and environment variables (MULEROUTER_API_KEY, MULEROUTER_BASE_URL or MULEROUTER_SITE) and require Python + uv and network access to api.mulerouter.ai / api.mulerun.com, but the registry metadata lists no required env vars or binaries. That mismatch is incoherent: the skill will fail or prompt for secrets at runtime unless an API key is provided, yet metadata doesn't declare the requirement.
Instruction Scope: noteRuntime instructions ask the user/agent to check and print environment variables, load a .env from the current directory, run dependency installation (uv sync) and execute Python scripts that will read local image/video files and convert them to base64 to send to remote APIs. Reading and uploading local files is expected for this skill, but the instructions explicitly recommend running from the skill root and will load any .env found in the current working directory — this can unintentionally load unrelated secrets. The configuration-check commands also print the base URL and may expose variable values if run carelessly.
Install Mechanism: noteThere is no install spec (instruction-only install), which is low risk for installation, but the package contains many Python source files that will be executed locally. The SKILL.md requires the 'uv' runner and Python 3.10+, so the real runtime dependency is heavier than metadata indicates. No network downloads from untrusted URLs are present in an install step, but running the scripts will contact remote APIs.
Credentials: concernThe code requires an API key (MULEROUTER_API_KEY) and optionally a base URL or site selector; those are appropriate for a remote API integration. However, registry metadata declared no required env vars. The skill also loads a .env file from the current directory (dotenv) which can pull in unrelated secrets if the working directory contains such a file. The number and sensitivity of environment variables requested is moderate and appropriate for the purpose, but the failure to declare them in metadata and the .env loading behavior are concerning.
Persistence & Privilege: okThe skill does not request permanent inclusion (always:false) and does not modify other skills or system-wide settings. It identifies itself in outgoing requests via User-Agent headers but does not request elevated system persistence. Autonomous model invocation is allowed by default (disable-model-invocation:false), which is normal for skills; combined with the network access requirement this increases the operational blast radius but is expected for this integration.