Skill v1.0.0

ClawScan security

Business Opportunity Radar · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Apr 18, 2026, 11:20 AM
Verdict
suspicious
Confidence
high
Model
gpt-5-mini
Summary
The SKILL.md implements the described scraping + LLM analysis workflow, but the package metadata omits required credentials and output integrations and the instructions push data to third-party services—these mismatches and missing provenance are concerning.
Guidance
Before installing or running this skill, consider the following:
- The SKILL.md requires APIFY_TOKEN and CLAUDE_API_KEY but the registry metadata does not declare them; ask the publisher to declare required env vars in the registry so you know what you will be exposing.
- This skill scrapes many sites and sends collected text to a third-party LLM (Claude). Do not feed PII, credentials, or private customer data into it. Verify what data will be sent to the LLM and where results are stored.
- The README references pushing results to Notion/Slack but gives no instructions for supplying those credentials; confirm what integrations are used and whether additional tokens are required. If so, prefer to create least-privilege tokens for those destinations.
- Confirm the exact Apify actors and owners the skill will call (the SKILL.md uses Apify actors like 'apify/apple-app-store-scraper'). Review those actors' owners and privacy policies before running them under your APIFY_TOKEN.
- Check legal/ToS implications of scraping each target (Amazon, App Stores, Reddit, Product Hunt, forums). Consider rate limits and blocking risks; run initial tests in an isolated environment.
- Because the skill's source/homepage is unknown, prefer only running it in a sandbox or with non-sensitive test data until the author and code provenance are verified.
- If you plan to install npm packages as instructed, review the packages and consider installing them in a controlled environment (container or VM).
If you need help vetting the publisher, listing the exact Apify actors used, or rewriting the skill to require credentials explicitly in the registry manifest, I can help with next steps.

Review Dimensions

Purpose & Capability
concern: The skill's stated purpose (scrape reviews and analyze them with an LLM) matches the SKILL.md code and architecture. However, the registry metadata declares no required environment variables or credentials while the SKILL.md explicitly instructs users to set APIFY_TOKEN and CLAUDE_API_KEY. The README also lists Notion/Slack outputs but does not declare credentials for those destinations. The skill's source/homepage is 'unknown', which reduces provenance and trust.
Instruction Scope
concern: The instructions explicitly direct broad web scraping (App Store, Play Store, Amazon, Reddit, forums, Product Hunt, G2, Trustpilot, Indie Hackers) and then send aggregated content to a third-party LLM (Claude/OpenClaw). They mention outputs pushed to Notion/Slack but do not show how credentials or endpoints are supplied. Scraping and forwarding user content to external LLMs and unknown destinations increases data-exposure risk and may violate site terms; this scope is wider than what the registry metadata declares.
Install Mechanism
note: This is an instruction-only skill (no install spec), which is lower platform risk, but SKILL.md tells users to run 'npm install apify-client axios node-cron dotenv fs-extra'. The mismatch (no install spec in the registry) means the agent/operator must execute the installs themselves; the packages requested are reasonable for the task and no arbitrary binary downloads are referenced.
Credentials
concern: Registry metadata lists no required env vars, but SKILL.md requires APIFY_TOKEN and CLAUDE_API_KEY. It also references pushing results to Notion/Slack without declaring or documenting required Notion/Slack tokens. Requesting API keys for Apify and a Claude/OpenClaw key is proportional to the described functionality, but the metadata omission and undisclosed additional outputs (Notion/Slack) are inconsistent and risky.
Persistence & Privilege
note: The skill is not marked 'always: true' and defaults allow model invocation (normal). Autonomous invocation combined with the need for third-party credentials (Apify, Claude) increases the potential blast radius if the skill is later invoked without oversight, but the skill does not request system-level persistence or access to other skills' configurations in the provided content.
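One way to automate the cross-check that the Guidance and the Credentials and Install Mechanism dimensions describe, as an added example that is not ClawScan's or ClawHub's own code: a small Python linter that pulls the env vars, Apify actor ids, npm packages and output destinations a SKILL.md mentions and diffs them against the registry metadata. The SKILL.md text and the metadata dict below are constructed for the example, and the metadata shape (an `env` list and an `install` key) is an assumption; the real ClawHub manifest schema is not shown on this page.

```python
import re

# Constructed sample SKILL.md resembling what this page describes: a .env
# block, Apify actor calls, an npm install line and Notion/Slack outputs.
SAMPLE_SKILL_MD = """\
# Business Opportunity Radar

## Setup
npm install apify-client axios node-cron dotenv fs-extra

Create a .env file:
APIFY_TOKEN=your-apify-token
CLAUDE_API_KEY=your-claude-key

## Scrape
const client = new ApifyClient({ token: process.env.APIFY_TOKEN });
await client.actor('apify/apple-app-store-scraper').call({ term: 'budgeting' });
await client.actor('apify/google-play-scraper').call({ term: 'budgeting' });

## Analyze
Send the collected reviews to Claude with process.env.CLAUDE_API_KEY,
then push the opportunity report to Notion and post a digest to Slack.
"""

# Constructed registry metadata: no env vars and no install spec declared.
# The 'env' / 'install' keys are an assumed schema, not ClawHub's documented one.
SAMPLE_REGISTRY_METADATA = {"name": "business-opportunity-radar", "version": "1.0.0"}

ENV_ASSIGN_RE = re.compile(r"^([A-Z][A-Z0-9_]{2,})=", re.M)         # .env style lines
PROCESS_ENV_RE = re.compile(r"process\.env\.([A-Z][A-Z0-9_]{2,})")   # Node env reads
ACTOR_RE = re.compile(r"actor\(\s*['\"]([\w.-]+/[\w.-]+)['\"]")      # apify-client actor ids
NPM_RE = re.compile(r"^\s*npm\s+(?:install|i|add)\s+(.+)$", re.M)    # install lines
# Third-party output destinations to flag; the credential prefix is an assumption.
DESTINATIONS = {"Notion": "NOTION", "Slack": "SLACK"}


def extract_env_vars(skill_md):
    names = set(ENV_ASSIGN_RE.findall(skill_md))
    names.update(PROCESS_ENV_RE.findall(skill_md))
    return sorted(names)


def extract_apify_actors(skill_md):
    return sorted(set(ACTOR_RE.findall(skill_md)))


def extract_npm_packages(skill_md):
    packages = set()
    for match in NPM_RE.finditer(skill_md):
        packages.update(t for t in match.group(1).split() if not t.startswith("-"))
    return sorted(packages)


def lint_skill(skill_md, metadata):
    """Return the mismatches between what SKILL.md needs and what the registry declares."""
    env_required = extract_env_vars(skill_md)
    env_declared = set(metadata.get("env", []))
    env_undeclared = [v for v in env_required if v not in env_declared]
    actors = extract_apify_actors(skill_md)
    packages = extract_npm_packages(skill_md)
    # Destinations named in prose with no matching credential named anywhere.
    dest_undeclared = sorted(
        name for name, prefix in DESTINATIONS.items()
        if re.search(rf"\b{name}\b", skill_md)
        and not any(v.startswith(prefix) for v in env_required)
    )
    findings = []
    if env_undeclared:
        findings.append("SKILL.md requires env vars the registry does not declare: "
                        + ", ".join(env_undeclared))
    for actor in actors:
        owner = actor.split("/")[0]
        findings.append(f"Apify actor {actor} (owner '{owner}') will run under your "
                        "APIFY_TOKEN; review the owner and its privacy policy")
    if packages and "install" not in metadata:
        findings.append("registry has no install spec but SKILL.md asks you to npm install: "
                        + ", ".join(packages))
    for dest in dest_undeclared:
        findings.append(f"output to {dest} referenced but no {DESTINATIONS[dest]}_* "
                        "credential is named")
    return {
        "env_required": env_required,
        "env_undeclared": env_undeclared,
        "apify_actors": actors,
        "npm_packages": packages,
        "destinations_undeclared": dest_undeclared,
        "findings": findings,
    }


if __name__ == "__main__":
    for line in lint_skill(SAMPLE_SKILL_MD, SAMPLE_REGISTRY_METADATA)["findings"]:
        print("-", line)
```

Run against the sample, the linter reports the same four gaps the scanner raised above: two undeclared env vars, two Apify actors that would run under your token, an npm install with no install spec, and Notion/Slack outputs with no credential named. Pass it a metadata dict that does declare `env` and `install` and the corresponding findings disappear, which is the check to repeat once the publisher updates the registry entry.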