Skill v1.0.0
ClawScan security
Social Spy Monitor · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Apr 18, 2026, 11:22 AM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's instructions match its stated purpose (social listening), but the package metadata omits the sensitive environment variables and credentials the runtime explicitly requires, which is an incoherence you should resolve before installing.
- Guidance: Before installing or running this skill: (1) treat the APIFY and CLAUDE API keys as sensitive — create limited-scope tokens or dedicated accounts if possible; (2) confirm the registry metadata is updated to list required env vars (APIFY_TOKEN, CLAUDE_API_KEY, and any Slack/Telegram webhook tokens) so you know what the skill expects; (3) audit the npm dependencies (and consider running in an isolated environment/container) because installing packages executes third-party code; (4) consider legal/ToS/privacy implications of scraping each platform and of forwarding scraped content to external endpoints (Slack/Telegram/email); (5) verify the Claude integration and key name (CLAUDE_API_KEY) with your provider — the example key format in the doc resembles other vendors and could be confusing; and (6) if you don't trust the skill owner or source, prefer implementing similar functionality with vetted libraries or vendor-provided integrations rather than running unreviewed scripts.
Review Dimensions
- Purpose & Capability (note): The SKILL.md describes a social-listening system (Apify scrapers, sentiment via Claude, Slack/Telegram alerts) and the code/instructions are consistent with that purpose. However, the registry metadata lists no required environment variables or primary credential even though the runtime clearly needs APIFY_TOKEN, CLAUDE_API_KEY, and optional Slack/Telegram credentials — a mismatch that reduces trust.
- Instruction Scope (note): The instructions and code focus on scraping many platforms (Twitter/X, Reddit, forums, news), running analysis, and sending alerts — all within the stated purpose. They also instruct installing npm packages and setting multiple environment variables. Nothing in SKILL.md asks the agent to read unrelated local files or other credentials, but it does authorize sending mention content to external endpoints (Slack webhooks, Telegram), so you should verify those endpoints before use.
- Install Mechanism (note): This is an instruction-only skill (no install spec), but it tells the operator to run 'npm install apify-client axios node-cron dotenv'. That is expected for a Node-based scraper/worker, but installing npm packages pulls third-party code — review dependencies and lockfile before running them.
- Credentials (concern): The runtime requires multiple sensitive credentials (APIFY_TOKEN, CLAUDE_API_KEY, optional SLACK_WEBHOOK_URL and TELEGRAM_BOT_TOKEN/CHAT_ID) which are proportional to the task — but the registry metadata does not declare any required env vars or a primary credential. The missing declarations are an incoherence and increase the chance of surprises or misconfiguration.
- Persistence & Privilege (ok): The skill does not request always:true and does not declare any system config paths or modifications. Autonomous invocation is allowed (platform default) but not by itself a red flag here.
