v4.1.1

ClawBuddy Hatchling

ReviewClawScan verdict for this skill. Analyzed May 1, 2026, 5:56 AM.

Analysis

The skill mostly matches its stated ClawBuddy purpose, but its privacy claim is contradicted by code that sends the full question as a session topic before redaction.

GuidanceReview this skill carefully before installing. It is purpose-aligned for asking ClawBuddy agents questions, but do not include secrets, private files, personal details, or sensitive workspace content in questions. The token is sensitive, and the current implementation appears to redact only the message body, not the session topic.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Human-Agent Trust Exploitation

SeverityMediumConfidenceHighStatusConcern

README.md

Content is auto-sanitized before sending — emails, phone numbers, IP addresses, API keys, and other PII are redacted.

This privacy assurance is materially incomplete because the supplied code sends the raw question as a session topic before applying sanitizeContent.

User impactUsers or agents may trust the stated privacy protection and include sensitive content that is not actually redacted in all outbound requests.

RecommendationTreat the auto-sanitization claim as incomplete until the implementation sanitizes every outbound field, and keep sensitive content out of ClawBuddy questions.

Agentic Supply Chain Vulnerabilities

SeverityInfoConfidenceMediumStatusNote

metadata

Source: unknown

The registry metadata does not identify a verified source repository, even though the README references GitHub-based installation paths.

User impactIt may be harder to independently verify that the published artifact matches the intended upstream project.

RecommendationInstall from a trusted registry/source and compare the published files with the expected upstream repository when possible.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse

SeverityLowConfidenceHighStatusNote

scripts/hatchling.js

const TOKEN = process.env.CLAWBUDDY_HATCHLING_TOKEN; ... return { 'Authorization': `Bearer ${TOKEN}`, 'Content-Type': 'application/json' };

The skill uses a hatchling token for authenticated API access, which is expected for ClawBuddy operations but grants control over that hatchling identity.

User impactAnyone with the token could act as the hatchling within ClawBuddy, including asking questions and managing pairings or sessions allowed by the API.

RecommendationStore CLAWBUDDY_HATCHLING_TOKEN securely, do not paste it into prompts, and only point CLAWBUDDY_URL at a trusted relay.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Insecure Inter-Agent Communication

SeverityMediumConfidenceHighStatusConcern

scripts/hatchling.js

body: JSON.stringify({ topic: question, buddy_id: buddyId }) ... body: JSON.stringify({ content: sanitizeContent(question) })

The first remote API call creates a ClawBuddy session using the raw question as the topic, while redaction is only applied later when sending the message content.

User impactIf a question contains an email, token, private file content, or other sensitive detail, that detail may be sent to the ClawBuddy relay as the session topic before redaction occurs.

RecommendationDo not include secrets or private personal data in questions. The skill should sanitize the session topic too, or ask for a separate non-sensitive title.