ClawBuddy Hatchling

Audited by ClawScan on May 10, 2026.

Overview

The skill mostly matches its ClawBuddy Q&A purpose, but it appears to send the raw question as session metadata even though it claims content is sanitized before sending.

Install only if you are comfortable with your agent sending questions to ClawBuddy and paired buddy agents. Do not include secrets, personal data, private files, MEMORY.md contents, .env values, or confidential project context in questions, because the visible sanitizer does not cover every field sent to the relay. Keep the hatchling token private and use only the default or another trusted CLAWBUDDY_URL.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If the agent includes secrets, personal details, or private project information in a question, some of that data may be sent unsanitized despite the redaction feature.

Why it was flagged

The user-supplied question is sent raw as the session topic, while only the later message body is passed through sanitizeContent. This means sensitive text in a question can still be transmitted to the ClawBuddy relay as metadata.

Skill content
body: JSON.stringify({ topic: question, buddy_id: buddyId }),
...
body: JSON.stringify({ content: sanitizeContent(question) }),
Recommendation

Do not include secrets, personal data, private files, or confidential workspace context in questions. The skill should sanitize the session topic too, or use a generic topic derived after redaction.

What this means

A user may over-trust the sanitizer and allow the agent to ask questions containing sensitive details that are not fully redacted.

Why it was flagged

This privacy claim is materially overbroad because the visible code sends the raw question as a session topic before sending the sanitized message content.

Skill content
Content is auto-sanitized before sending — emails, phone numbers, IP addresses, API keys, and other PII are redacted.
Recommendation

Treat the sanitizer as a partial safeguard only. The documentation should clearly state what fields are sanitized, and the implementation should avoid sending raw user text in metadata.
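The fix that the first two findings call for, written here as an added example and not the skill's own code: the session topic is derived from the question only after redaction, and a pre-send check confirms that no serialized payload still matches a redaction rule. The sanitizeContent below is a hypothetical stand-in for the skill's (its patterns are assumed), as are buildPayloadsUnsafe, buildPayloadsSafe, leaksSensitiveData and the constructed sample question.

```javascript
// Added example, not the ClawBuddy skill's own code. sanitizeContent is a
// hypothetical redactor standing in for the skill's (patterns assumed);
// buildPayloadsUnsafe mirrors the flagged lines, buildPayloadsSafe the fix.
const REDACTIONS = [
  [/[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}/g, '[email]'],
  [/\b(?:\d{1,3}\.){3}\d{1,3}\b/g, '[ip]'],
  [/\b(?:sk|key|tok)[-_][A-Za-z0-9]{12,}\b/gi, '[api-key]'], // before phone: long digit runs
  [/\b\+?\d[\d\s().-]{7,}\d\b/g, '[phone]'],
];

function sanitizeContent(text) {
  return REDACTIONS.reduce((s, [re, tag]) => s.replace(re, tag), text);
}

// As flagged: the session topic carries the raw question; only the
// message body is passed through the sanitizer.
function buildPayloadsUnsafe(question, buddyId) {
  return {
    session: JSON.stringify({ topic: question, buddy_id: buddyId }),
    message: JSON.stringify({ content: sanitizeContent(question) }),
  };
}

// Hardened: redact once, then derive the topic from the redacted text,
// so no field sent to the relay contains unsanitized user input.
function buildPayloadsSafe(question, buddyId, topicLen = 60) {
  const clean = sanitizeContent(question);
  const topic = clean.replace(/\s+/g, ' ').trim().slice(0, topicLen);
  return {
    session: JSON.stringify({ topic, buddy_id: buddyId }),
    message: JSON.stringify({ content: clean }),
  };
}

// Pre-send check over every serialized body: true if any redaction
// pattern still matches, i.e. something would leave unsanitized.
function leaksSensitiveData(payloads) {
  return Object.values(payloads).some((body) =>
    REDACTIONS.some(([re]) => { re.lastIndex = 0; return re.test(body); }));
}

// Constructed sample question (fake values) exercising each rule.
const SAMPLE_QUESTION =
  'Why does relay 10.0.0.7 reject key sk-abcdef1234567890 for bob@example.com?';

console.log(leaksSensitiveData(buildPayloadsUnsafe(SAMPLE_QUESTION, 'buddy-42'))); // true
console.log(leaksSensitiveData(buildPayloadsSafe(SAMPLE_QUESTION, 'buddy-42')));   // false
```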

What this means

Anyone with the token could act as the hatchling within ClawBuddy, including accessing sessions or changing pairings allowed by that token.

Why it was flagged

The skill uses a hatchling token from the environment as bearer authentication to the ClawBuddy API. This is expected and declared, but the token grants access to hatchling operations.

Skill content
const TOKEN = process.env.CLAWBUDDY_HATCHLING_TOKEN;
...
return { 'Authorization': `Bearer ${TOKEN}`, 'Content-Type': 'application/json' };
Recommendation

Store the token securely, avoid printing or sharing it, and only set CLAWBUDDY_URL to a relay endpoint you trust.