Skill v1.0.0

ClawScan security

Automation Tool · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Mar 8, 2026, 12:07 AM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill's stated purpose (bulk content generation) matches its instructions, but the runtime directions reference web-search, publishing, and execution capabilities without declaring required credentials or limiting where data is sent — this mismatch and the broad file/exec permissions are worth caution.
Guidance
This skill appears to do what it says (bulk content generation), but it gives the agent broad runtime powers (web searching, running shell scripts, reading/writing files, and publishing) while declaring no required credentials. Before installing:
1) Confirm what web_search and publishing integrations will be used, what credentials or tokens are required, and where they will be stored.
2) Restrict or sandbox the skill's ability to run shell commands and access sensitive files.
3) Require explicit user consent/approval before any automatic publishing.
4) Test in a safe environment to verify it doesn't transmit data to unexpected endpoints.
If possible, ask the author to declare required env vars and to document which platforms/endpoints the skill will publish to and how credentials are managed.

Review Dimensions

Purpose & Capability
note: The name/description (content/report/script generation, batch processing) align with the SKILL.md: it explicitly uses browser/web_search/exec/read/write/message for collection, generation, file IO and publishing. Those tools are reasonable for the stated purpose. However, the SKILL.md mentions that web_search needs an API and that content is published to platforms, yet the skill declares no required environment variables or credentials, a proportionality/declared-requirement mismatch.
Instruction Scope
concern: Runtime instructions give the agent broad authority: use browser/web_search to collect data, analyze competitors, run exec for automation scripts, and read/write files and schedule publishing. Those actions are coherent for automation but are open-ended (no limits on which endpoints/platforms to publish to or what local files may be read). The SKILL.md also references publishing/publishToPlatform and cron jobs without specifying credential or endpoint constraints, which increases the risk that the agent could send generated content or collected data to external targets.
Install Mechanism
ok: Instruction-only skill with no install spec and no code files; nothing is written to disk by an installer. This is the lowest-risk install pattern.
Credentials
concern: The document explicitly references tools that typically require credentials/APIs (web_search API configuration, publishing to platforms), but the registry metadata lists no required env vars or primary credential. That absence is a mismatch: the skill will likely rely on platform-provided credentials or expect the agent environment to already contain tokens, which should be disclosed and scoped.
Persistence & Privilege
ok: No elevated persistence requested (always:false). The skill does not declare actions that modify other skills or global agent config. Autonomous invocation is allowed (default), which is normal and not flagged by itself.