Skill v1.0.0
ClawScan security
Clawie Research Agent · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Mar 12, 2026, 10:02 AM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill appears to do what it says (research/reporting) but its metadata omits the CLIs and potential credential access it actually relies on, which is an incoherence the user should understand before installing.
- Guidance: This skill looks like a legitimate research/reporting tool, but before installing: (1) confirm whether you have the CLIs it expects (gh, npm, curl, jq) and whether you want the skill to run them; (2) understand that gh/npm may read local credentials (e.g., GH_TOKEN, GitHub CLI config) — the skill's manifest does not declare this; (3) ask the publisher for a homepage/source and an explicit list of runtime dependencies and network endpoints; (4) if you proceed, run it in a sandbox or environment without sensitive credentials, or create least-privilege/read-only tokens; (5) if you need higher assurance, audit scripts/research.py locally to ensure it only performs the expected searches and doesn't transmit collected data to unknown endpoints.
Review Dimensions
- Purpose & Capability
- note: The skill's stated purpose (deep research, structured reports) matches the included instructions and helper script. However, the registry metadata lists no required binaries or credentials while the SKILL.md and scripts clearly rely on external CLIs (gh, npm, curl, jq) and network access — these runtime dependencies are not declared in the manifest.
- Instruction Scope
- concern: The SKILL.md instructs the agent to run network queries (DuckDuckGo API, Hacker News, RSS feeds) and local CLI commands (gh, npm, curl, jq). While expected for research, these commands can read or use locally stored credentials (e.g., GitHub CLI config or GH_TOKEN) and will make outbound requests to arbitrary domains. The instructions do not acknowledge or constrain use of local credentials or sensitive files.
- Install Mechanism
- ok: This is an instruction-only skill with no install spec, so nothing is automatically downloaded or written by the registry installer. The included Python helper is present but not installed automatically.
- Credentials
- concern: The skill declares no required environment variables or primary credential, yet it invokes tools (gh, npm) that commonly use user credentials/config stored on the machine. The manifest should declare these runtime requirements and warn about possible use of locally configured tokens.
- Persistence & Privilege
- ok: The skill does not request always:true and there is no indication it modifies other skills or system-wide settings. It appears not to persist or demand special platform privileges.
