Skill v1.0.0
ClawScan security
Instant Client Report · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Apr 28, 2026, 7:47 PM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's instructions mostly match its stated goal (building an audit via Apify actors + Claude), but it omits declaring required credentials and leaves unclear what external data is collected, stored, or shared — these mismatches warrant caution before installing or supplying secrets.
- Guidance: Before installing or supplying secrets:
  1. Confirm with the publisher how the skill is invoked — specifically whether it will prompt for and store an Apify token or a Claude/API key, and whether those are kept only in-memory or persisted.
  2. Ask the author to add required credentials to the registry metadata (apify_token, and any Claude/model key) so the platform can surface permission requests.
  3. Verify what Apify actors actually need: some social/ads scrapers require account cookies or paid access — don’t hand over unrelated account credentials.
  4. Clarify data handling: where scraped data and generated reports are stored, who can access them, and whether PII (reviews, contact info) will be collected or sent to external services.
  5. If you will provide credentials, consider creating scoped/limited tokens (Apify tokens with limited scope) or test with throwaway accounts.
  6. Because the skill's source/homepage is unknown, prefer running it in a controlled/testing environment first or request the SKILL author to publish source or more detailed privacy/security docs.
  These steps will reduce the risk that credentials or sensitive data are exposed unexpectedly.
Review Dimensions
- Purpose & Capability (note): The SKILL.md describes exactly the capability advertised (crawl a domain, run multiple Apify actors, then synthesize results with Claude). That is coherent. However, the skill expects an apify_token in its input examples and references Claude AI, yet the registry metadata declares no required environment variables or primary credential. The absence of a declared Apify token (and no mention of a Claude API/credential) is an inconsistency: the skill will need at least one external credential to run as described.
- Instruction Scope (note): Instructions are focused on crawling and extracting data (website, SEO, ads, reviews, social metrics, tech stack) and then generating a report; they do not instruct reading system files or unrelated env vars. However, the workflow explicitly scrapes many external platforms (Google Search, Google Maps reviews, Facebook/Instagram ads) which can surface personal data or require session cookies/credentials. The SKILL.md does not specify data retention, where scraped data is sent/stored, or how Claude is invoked, leaving data-handling behavior unclear.
- Install Mechanism (ok): This is an instruction-only skill with no install spec or code files, so nothing will be written to disk by an installer. That is the lowest install risk.
- Credentials (concern): The skill's example input includes an apify_token, but the registry metadata lists no required env vars or primary credential. It also mentions Claude AI but does not declare a model API key or explain how the model is invoked. Because the actors listed may require additional credentials or cookies (especially for ad/account-limited scrapers), the lack of declared credentials is disproportionate and understates what access secrets you might need to provide.
- Persistence & Privilege (ok): The skill is not marked 'always: true' and does not request elevated platform privileges or persistently modify other skills. Autonomous invocation is allowed by default (disable-model-invocation is false), which is normal — but combine that with the credential omissions above to exercise caution.
