Skill v1.0.1
ClawScan security
Direct Analysis · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Feb 17, 2026, 5:03 AM
- Verdict: suspicious
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill claims to analyze Yandex.Direct campaigns (which matches its name), but its runtime instructions require YANDEX_TOKEN and CLIENT_LOGIN while the metadata declares no required environment variables and the source is unknown; this is an inconsistent and potentially risky gap.
- Guidance: This skill's core functionality (Yandex.Direct analysis) is plausible, but the SKILL.md references YANDEX_TOKEN and CLIENT_LOGIN while the package metadata declares no required env vars and the source/homepage are unknown. Before installing: (1) ask the publisher to disclose source code or a homepage and to formally declare required env vars and the exact API endpoints and scopes; (2) only provide a read-only Yandex token with the minimal scopes needed for stats; (3) prefer installing in an isolated account or environment; (4) if you won't provide credentials, avoid giving this skill access, since the current manifest is inconsistent and could prompt the agent to search for or request secrets.
Review Dimensions
- Purpose & Capability (concern): The skill's stated purpose (Yandex.Direct campaign analysis) matches the steps in SKILL.md. However, the SKILL.md explicitly says to 'Use YANDEX_TOKEN and CLIENT_LOGIN', yet the registry metadata lists no required environment variables or primary credential. That mismatch is unexpected and incoherent: a Yandex integration legitimately needs credentials and should declare them.
- Instruction Scope (concern): Instructions tell the agent to obtain campaign statistics using YANDEX_TOKEN and CLIENT_LOGIN and to compute CTR/CPC/etc., but they do not specify API endpoints, expected scopes, or how to handle credentials safely. Because env vars are not declared, the agent might look for or attempt to access undeclared environment variables or other context, which is a scope-creep risk.
- Install Mechanism (ok): This is an instruction-only skill with no install spec and no code files. The required binary is curl, which is reasonable for calling web APIs. No arbitrary downloads or on-disk installs are present.
- Credentials (concern): The SKILL.md requires sensitive credentials (YANDEX_TOKEN and CLIENT_LOGIN), but the skill metadata does not declare any required env vars or a primary credential. Asking for advertising-account credentials is proportionate to the stated purpose only if those credentials and scopes are declared and limited; that is not the case here.
- Persistence & Privilege (ok): `always` is false and the skill is user-invocable. It does not request persistent or elevated platform privileges in the manifest. Autonomous invocation is allowed by default but is not combined with other high-risk indicators here.
