Skill v0.1.10
ClawScan security
MuleRouter · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Feb 17, 2026, 3:04 PM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill's code, requirements, and runtime instructions are consistent with a MuleRouter/MuleRun image/video generation client — nothing in the package indicates it is trying to do something unrelated to its stated purpose, though there are a few small inconsistencies you should be aware of before installing.
- Guidance
- This package appears to be a normal MuleRouter/MuleRun client: it uploads images/videos (local files may be read and converted to base64) and sends them to the configured API using the provided API key. Before installing or running: 1) Verify you trust the package source (the registry metadata/homepage point to a GitHub repo). 2) Inspect pyproject.toml to see installed dependencies and ensure `uv` is legitimate in your environment. 3) Avoid storing high-value secrets in a project `.env` in a shared/workspace; prefer an environment variable injected securely by your runtime if possible. 4) Do not upload images or videos that contain sensitive information. 5) If you need stronger assurances, run the code in an isolated environment (container/VM) and review network traffic to confirm requests only go to the expected api.mulerouter.ai or api.mulerun.com endpoints.
Review Dimensions
- Purpose & Capability
- ok: Name/description (MuleRouter image/video generation) match the included Python client, model registry, model-specific CLI scripts, and the declared need for an API key and network access to MuleRouter/MuleRun endpoints. Required binaries (python3, uv) and the single primary credential (MULEROUTER_API_KEY) are appropriate for a client that calls an external API.
- Instruction Scope
- note: SKILL.md instructs the agent to run provided Python scripts via `uv run` and to read local image files (converting them to base64) before uploading to the API. The code includes explicit validation that blocks reading common sensitive dirs (.ssh, .aws, /etc, /proc, etc.) and forbids reading .env files, which reduces risk. Note: SKILL.md recommends creating a `.env` in the skill working directory to hold the API key (this is expected but you should avoid placing high-value secrets in project directories).
- Install Mechanism
- note: No external downloads or remote script execution URLs are present; dependencies are installed via `uv sync` as shown in SKILL.md and the metadata. However, there's a minor coherence issue: the registry header stated 'No install spec — instruction-only', while SKILL.md and package metadata reference `uv sync` and include many code files. The package itself contains code (pyproject.toml), so running `uv sync` will install dependencies and write files to the environment — only run if you trust the source.
- Credentials
- ok: The skill requires a single API credential (MULEROUTER_API_KEY) and one of MULEROUTER_BASE_URL or MULEROUTER_SITE to determine endpoint; this is proportional to the stated functionality. There are no unexpected secret env var requests or other unrelated credentials.
- Persistence & Privilege
- ok: The skill is not set to always:true and does not request elevated or persistent system privileges. It does not modify other skills or system-wide configs. Autonomous invocation is enabled by default (disable-model-invocation is false) which is normal for skills — not an independent red flag here.
