Skill v1.0.0

ClawScan security

Cloudinary Cli · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Apr 29, 2026, 12:55 AM
Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary
The skill's purpose (upload to Cloudinary) matches the scripts' behavior, but there are multiple inconsistencies and surprising details around declared requirements, how credentials are handled, and how the installer locates/builds code.
Guidance
Key things to consider before installing/running this skill:
- Metadata mismatch: the skill metadata does not declare required Cloudinary credentials, but the runtime requires CLOUDINARY_CLOUD, CLOUDINARY_KEY, and CLOUDINARY_SECRET. Treat this as a warning sign and verify expected requirements before proceeding.
- Secrets handling: the scripts expect a plaintext file at cmd/cli/.env and will export its contents into the environment. Do not store production credentials in plaintext in the repo. Prefer using a secure secret store or ephemeral/test keys.
- Source-to-binary risk: install.sh builds whatever is at ./cmd/cli in the discovered project root (it finds the nearest go.mod by walking up). If you run this inside a repository you don't fully trust, the build could produce and run code you didn't review. Inspect the cmd/cli source before building, or run the build in an isolated environment.
- Inconsistency between docs and code: SKILL.md claims the agent will prompt for missing env values and write them, but upload.sh actually errors if .env is missing. Expect manual setup (creating .env) unless you add a safer prompting/writing flow.
- If you decide to use it: audit the cmd/cli source (the Go code), ensure .env is kept out of commits (add it to .gitignore), and use least-privilege Cloudinary credentials (rotate/delete keys after testing).

Review Dimensions

Purpose & Capability
concern: The SKILL.md and scripts implement a Cloudinary CLI uploader and require CLOUDINARY_CLOUD/KEY/SECRET and a local Go build of ./cmd/cli — that is coherent with the stated purpose. However, the skill metadata declares no required environment variables or primary credential while the runtime explicitly needs Cloudinary API credentials; this metadata mismatch is misleading.
Instruction Scope
concern: Instructions direct the agent to read and export cmd/cli/.env and to build/run a local binary. SKILL.md says the agent should 'prompt the user for missing values and write them to cmd/cli/.env', but the provided upload.sh script does not implement prompting/writing (it errors out if .env is missing). The scripts export the entire .env into the environment (export $(grep -v '^#' "$ENV_FILE" | xargs)), which can leak secrets to any child processes. The installer/search logic walks up the filesystem to find go.mod, which can pick up a different project root than the user expects.
Install Mechanism
note: There is no registry install; install.sh runs a local 'go build -o cloudinary-cli ./cmd/cli/' after locating a go.mod. This is low-risk in that it doesn't download arbitrary binaries, but it will compile whatever source exists at ./cmd/cli in the discovered project root — potentially building unintended or malicious code if the workspace contains untrusted source.
Credentials
concern: The required credentials (CLOUDINARY_CLOUD, CLOUDINARY_KEY, CLOUDINARY_SECRET) are appropriate for a Cloudinary uploader, but the skill metadata omits these requirements. The runtime practices (writing/reading a plaintext cmd/cli/.env and exporting all variables) raise the risk of accidental credential exposure (committing .env to source control or leaking to child processes).
Persistence & Privilege
ok: The skill is not always-enabled and does not request system-wide persistence or modify other skills. It runs on-demand and builds/executes a local binary — normal for a CLI helper.