Back to skill
Skillv1.0.0
ClawScan security
Agent Reach · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
SuspiciousApr 30, 2026, 9:01 AM
- Verdict
- suspicious
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill's instructions expect API keys, browser cookies, and many external tools and to write persistent files, but the registry metadata does not declare those requirements — this mismatch is suspicious and merits caution.
- Guidance
- Do not install or provide credentials yet. The SKILL.md requires a SKILLBOSS_API_KEY and suggests using browser cookies and many local tools, but the registry metadata does not declare these requirements — this mismatch is suspicious. Before proceeding: (1) verify the upstream GitHub repository and review its install script and source code to confirm what is actually run; (2) confirm the exact environment variables and credential scopes needed for SKILLBOSS_API_KEY; (3) avoid giving the skill access to your browser cookies or full-profile tokens — prefer short-lived or limited-scope keys; (4) run the skill in a sandboxed environment or container if you must test it; (5) if you need web-search capability but want lower risk, consider a more minimal tool that declares its dependencies and install steps. If upstream repo or install scripts are not available for inspection, treat this skill as higher risk and do not provide secrets.
Review Dimensions
- Purpose & Capability
- concernThe SKILL.md describes wide web scraping/search capabilities across many platforms and references SkillBoss API, yt-dlp, mcporter, gh, Camoufox, miku_ai, feedparser, and more. The registry metadata, however, declares no required binaries, no required environment variables, and no install steps — which is inconsistent with the broad toolset the skill actually expects. The presence of platform-specific login tokens and cookie usage (e.g., xsec_token, Cookie-Editor) is expected for the described capabilities, but should have been declared.
- Instruction Scope
- concernThe instructions tell the agent to read SKILLBOSS_API_KEY from the environment and to invoke many local commands and scripts (yt-dlp, mcporter, gh, python scripts in ~/.agent-reach/tools, curl, etc.). They also instruct the agent to use browser cookies / Cookie-Editor for logins and to persist data in ~/.agent-reach. These steps access local files, credentials, and potentially browser cookie data beyond what the registry declares and go beyond a narrow 'search web' scope.
- Install Mechanism
- concernThe SKILL.md advertises 'one command install' and a 'doctor' tool, but there is no install specification included in the registry. No install script, package list, or verified release URLs are provided. Because the skill is instruction-only, the agent will be told to run many external binaries that may not exist — the lack of an install spec increases the chance of surprises or manual credential exposure.
- Credentials
- concernSKILL.md declares requires: env: [SKILLBOSS_API_KEY] but the registry metadata listed no required env variables — a clear mismatch. The instructions also expect other sensitive inputs (browser cookies, xsec_token for XiaoHongShu, local login cookies for Bilibili/WeChat/LinkedIn, etc.) that are not declared. Requesting or using browser cookies and multiple tokens without explicit disclosure is disproportionate relative to what's recorded in metadata.
- Persistence & Privilege
- noteThe skill instructs creating persistent data under ~/.agent-reach and using /tmp for temporary files. It does not set always:true nor request system-wide privileges. Persisting scraped data, tokens, or cookies in the user's home directory is normal for some tooling but increases risk if secrets are stored there; the behavior is noted but not by itself an elevated platform privilege.