Skillv1.0.0

ClawScan security

Skill Factory · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousMar 4, 2026, 1:18 PM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary: The skill's stated purpose (generate and iterate Skills) matches its instructions, but the runtime docs expect external API keys/config files and autonomous network calls while the registry metadata declares no required credentials — this mismatch and the potential for sending data to third‑party AI endpoints merit caution.
Guidance: Before installing or enabling this skill, consider the following: - It will ask you to configure third‑party AI endpoints and API keys (the tech-library.md template). Do NOT paste secrets into public repos; prefer platform secret storage or environment variables where possible. - In full-automatic mode the skill will autonomously call external AI services and may send user or generated data to those endpoints. If that data is sensitive, use manual or semi-automatic mode instead. - The skill metadata declares no required credentials, but the runtime explicitly expects API keys in config files — this mismatch means the skill might access secrets that are not declared in metadata. Confirm where and how you must provide keys and review those files before enabling. - Review and sanitize any test inputs used during the skill's automated testing phase; limit iteration counts and monitor logs for unexpected network activity. - If you plan to use external AIs, verify the endpoints and owners (do not use unknown personal servers or shorteners), and consider restricting the skill to a sandboxed account with minimal privileges. If you want, provide the locations where you would store API credentials (env vars / secret manager) or ask for recommended configuration edits to avoid storing secrets in repo files — I can suggest safer configuration patterns.
Findings: [NO_SCAN_FINDINGS] unexpected: The regex scanner found no code to analyze (instruction-only); this absence is expected for a documentation-only skill but is not evidence of safety — the SKILL.md instructs network calls and reading config files that a static scanner could not evaluate.

Review Dimensions

Purpose & Capability: noteThe skill is a meta-skill that designs and tests other skills and explicitly supports calling external AI services as an execution layer — that capability is coherent with the description. However, it expects API access to third‑party AIs (per tech-library.md / call-guide.md) even though the skill metadata declares no required credentials or primaryEnv, which is an inconsistency.
Instruction Scope: concernSKILL.md instructs the agent to read included configuration templates (tech-library.md, call-guide.md), to actually invoke external AI endpoints (curl examples), and to perform full automated test runs that will send test inputs to third‑party APIs. Those are legitimate for this skill, but they give the agent scope to transmit user-provided and generated content to arbitrary external endpoints and to perform repeated autonomous calls in full-automatic mode.
Install Mechanism: okThis is instruction-only with no install spec and no code files — lowest install risk. Nothing in the package writes binaries or downloads remote archives.
Credentials: concernThe runtime docs require API credentials/endpoints (tech-library.md) and instruct storing them in a config file, but the registry metadata lists no required environment variables or primary credential. Asking users to place secrets in repo/config files is poor practice and the skill does not declare or gate access to those secrets, creating a proportionality and transparency mismatch.
Persistence & Privilege: okalways:false and no install hooks are present. The skill does not request permanent platform-level presence or claim to modify other skills' configs. Autonomous invocation is allowed (platform default); that is expected but increases blast radius when combined with the other concerns.