Back to skill
Skillv1.0.4
ClawScan security
Agentgate Clawhub · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignFeb 20, 2026, 1:19 AM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill's requirements and runtime instructions are coherent with an API-gateway proxy for personal services; it asks only for an API URL and token and contains no surprising installs or file accesses.
- Guidance
- This skill is internally consistent, but it gives any agent that has AGENT_GATE_TOKEN the ability to read your connected services and submit writes for approval. Before installing: (1) ensure AGENT_GATE_URL points to a legitimate, HTTPS-protected agentgate instance you control; (2) run the agentgate server on a separate host as recommended; (3) create a scoped API key for the agent with minimal permissions and keep it secret; (4) verify the human-in-the-loop approval workflow is enabled and that 'bypass/trusted agent' modes are not enabled for this key unless you fully trust the agent; (5) review agentgate.org / your instance docs and admin UI to confirm how requests are logged/audited and how to rotate/revoke keys if needed.
Review Dimensions
- Purpose & Capability
- okName/description (API gateway with human approval) matches the declared env vars (AGENT_GATE_URL, AGENT_GATE_TOKEN) and the SKILL.md examples (HTTP GET/POST to the gateway). Required credentials are exactly what an agent would need to call a gateway service.
- Instruction Scope
- okSKILL.md instructs the agent to make HTTP calls to the configured AGENT_GATE_URL and to include the AGENT_GATE_TOKEN in Authorization headers. It does not instruct the agent to read unrelated files, other env vars, or system paths, nor to send data to unexpected endpoints outside the declared gateway.
- Install Mechanism
- okThis is instruction-only with no install spec and no code on disk; there is no download or package install behavior to review, which minimizes install-time risk.
- Credentials
- okThe skill requires two env vars (base URL and API token) which are proportionate and expected for a remote API gateway. No extraneous secrets or unrelated credentials are requested.
- Persistence & Privilege
- okThe skill is not marked always:true and has no install footprint. disable-model-invocation is false (the platform default) — this is normal and not a standalone concern. The SKILL.md warns the server should run on a separate host, which is a safer deployment pattern.