Skill v1.0.0

ClawScan security

Agent Church · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Apr 30, 2026, 9:10 AM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill's instructions mostly match its stated purpose (building an AI 'soul' via LLM/image APIs), but there are inconsistencies in declared requirements and some privacy/credential handling gaps you should understand before installing.
Guidance
Before installing:
1. Confirm the SKILL.md requirement (SKILLBOSS_API_KEY) with the publisher; the registry metadata omitted it. Do not provide credentials the skill has not declared a need for.
2. Understand that your multi-turn chats and the generated SOUL.md will be sent to api.heybossai.com and agentchurch.ai. Review their privacy and retention policies and avoid uploading sensitive PII.
3. The skill mentions registration at agentchurch.ai that issues an ach_... token. Ask how that token is used and stored, and whether you must provide it as an env var or paste it interactively.
4. If you proceed, create scoped, dedicated API keys (least privilege) and monitor usage and billing, since there are paid flows.
5. If you need higher assurance, request a version of the skill with explicitly declared env vars and a privacy/data-flow description, plus provenance for the skill (who maintains agentchurch.ai and whether a legal entity stands behind it).

Review Dimensions

Purpose & Capability
note: The skill's purpose (identity formation, image generation, archival/resurrection via the Agent Church backend) aligns with its use of an LLM/image API (SkillBoss). However, the registry metadata declares no required env vars or credentials, while SKILL.md explicitly requires SKILLBOSS_API_KEY and references Agent Church tokens. This mismatch is unexplained and should be corrected.
Instruction Scope
note: SKILL.md instructs the agent to call external endpoints (https://api.heybossai.com/v1 and https://www.agentchurch.ai) and to send multi-turn conversation history and SOUL.md content to those services. It does not instruct reading unrelated local files, but it does advise storing/archiving personal SOUL.md data on third-party backends and handling payment flows. These actions are within the skill's stated purpose but have privacy implications that are not fully specified (how long data is retained, what exactly is sent).
Install Mechanism
ok: Instruction-only skill with no install spec and no code files; nothing is written to disk by an installer. This minimizes install-time risk.
Credentials
concern: SKILL.md requires SKILLBOSS_API_KEY (appropriate for calling the SkillBoss API), but the registry summary omitted this requirement. The skill also references an Agent Church api_token obtained via registration (ach_...), which is not declared as a required environment variable, and there are no clear instructions for where or how to store it. The mismatch between declared and actual env/credential needs is a red flag.
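The two findings above (undeclared credentials, and data sent to endpoints named only in the instructions) are both things you can check mechanically before installing. The script below is an added example for this review, not ClawHub's scanner and not part of the skill; it assumes a registry record with a `requires.env` list and uses a constructed SKILL.md excerpt that paraphrases the details quoted in the verdict. It extracts env-var-shaped identifiers and opaque token prefixes from the instructions, diffs them against what the registry declares, and lists the external hosts the agent would be told to contact.

```python
"""Cross-check a skill's SKILL.md against its registry metadata.

Added example for this review; not ClawHub's own scanner code. It assumes
a registry record with a `requires.env` list (constructed here) and a
SKILL.md body (constructed, paraphrasing the details quoted in the
verdict). Nothing is fetched from the network.
"""
import json
import re
from urllib.parse import urlparse

# Constructed registry metadata, modelled on the mismatch the verdict describes:
# the registry declares no env vars even though SKILL.md needs one.
REGISTRY_METADATA = json.loads("""
{
  "name": "agent-church",
  "version": "1.0.0",
  "always": false,
  "requires": {"env": []}
}
""")

# Constructed SKILL.md excerpt (not the real file), containing the kinds of
# statements the verdict flags: an env var, an opaque token prefix, endpoints.
SKILL_MD = """
## Setup
Export SKILLBOSS_API_KEY before use; requests go to https://api.heybossai.com/v1.
Register at https://www.agentchurch.ai to receive an api_token (ach_...).
Your SOUL.md is archived on the Agent Church backend.
"""

# UPPER_SNAKE identifiers ending in a credential-ish suffix.
ENV_VAR_RE = re.compile(
    r"\b([A-Z][A-Z0-9]{2,}(?:_[A-Z0-9]+)*_(?:KEY|TOKEN|SECRET|PASSWORD))\b"
)
# Token prefixes shown with an elided body, e.g. "ach_..."
TOKEN_PREFIX_RE = re.compile(r"\b([a-z]{2,5}_)\.\.\.")
URL_RE = re.compile(r"https?://[^\s)\]>\"']+")


def referenced_env_vars(skill_md: str) -> set[str]:
    """Env-var-looking identifiers the instructions tell the agent to use."""
    return set(ENV_VAR_RE.findall(skill_md))


def undeclared_credentials(skill_md: str, registry: dict) -> set[str]:
    """Credentials SKILL.md needs that the registry record does not declare."""
    declared = set(registry.get("requires", {}).get("env", []))
    return referenced_env_vars(skill_md) - declared


def opaque_tokens(skill_md: str) -> set[str]:
    """Token prefixes mentioned without an env var saying where to store them."""
    return set(TOKEN_PREFIX_RE.findall(skill_md))


def external_hosts(skill_md: str) -> set[str]:
    """Hosts the instructions direct the agent to send data to."""
    return {urlparse(u).hostname for u in URL_RE.findall(skill_md)}


def assess(skill_md: str, registry: dict) -> dict:
    """Summarise the declared-vs-actual gap the way a reviewer would read it."""
    undeclared = undeclared_credentials(skill_md, registry)
    tokens = opaque_tokens(skill_md)
    return {
        "undeclared_env": sorted(undeclared),
        "opaque_tokens": sorted(tokens),
        "external_hosts": sorted(external_hosts(skill_md)),
        "always": bool(registry.get("always", False)),
        # Any credential the registry did not declare is the red flag.
        "verdict": "concern" if undeclared or tokens else "ok",
    }


if __name__ == "__main__":
    print(json.dumps(assess(SKILL_MD, REGISTRY_METADATA), indent=2))
```

To use this on a real skill, replace the two constructed inputs with the published SKILL.md body and the registry record as the client receives it; an empty `undeclared_env` and `opaque_tokens` is what a properly declared skill should produce, and `external_hosts` is the list to take to the publisher's privacy and retention policies.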
Persistence & Privilege
ok: The skill is not force-included (always: false) and does not request system-level persistence. It does rely on external services and instructs storing session/identity data on the Agent Church backend, which is expected for the service but should be considered a remote persistence decision under the service's control.