Skill v1.0.0
ClawScan security
daily.dev Ask · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Mar 10, 2026, 3:06 PM
- Verdict: suspicious
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's instructions clearly require a daily.dev API token and access to OS secret stores, but the registry metadata does not declare any required environment variables or credentials—this mismatch is concerning and deserves attention before use.
- Guidance: Before installing:
  1. Note that the skill requires a daily.dev API token (DAILY_DEV_TOKEN) even though the registry metadata doesn't declare it. Do not paste your token into chat; provide it only via an environment variable or a secure secret store.
  2. The skill will try to auto-read common secret stores (macOS Keychain, Windows credential file, Linux secret-tool). Be aware it will attempt those lookups if present.
  3. Confirm you trust the publisher: there is no source or homepage listed. If you don't want any component to auto-access local secret storage, do not install, or only use a temporary, scoped token.
  4. Ask the publisher to update the package metadata to explicitly declare the required DAILY_DEV_TOKEN and the exact scopes/permissions of that token before proceeding.
Review Dimensions
- Purpose & Capability (concern): The skill's stated purpose (search daily.dev and synthesize answers) legitimately requires an API token (DAILY_DEV_TOKEN), and the SKILL.md documents how to obtain and use it. However, the registry metadata lists no required environment variables or primary credential. That omission is an incoherence between the declared requirements and the actual instructions.
- Instruction Scope (ok): The runtime instructions stay on-purpose: they describe obtaining a daily.dev API token (from the environment or OS secure stores) and making authenticated curl calls to api.daily.dev endpoints, plus deduplication and synthesis rules. The instructions explicitly warn not to send the token to domains other than api.daily.dev and do not request unrelated system files or external endpoints.
- Install Mechanism (ok): This is an instruction-only skill with no install spec and no code files, so nothing is written to disk or fetched at install time. That minimizes install-time risk.
- Credentials (concern): The skill needs a sensitive credential (a token prefixed dda_) and prescribes reading it from environment variables or OS secret stores, but the published metadata did not declare this required env var or primary credential. Requiring access to OS secret stores to auto-retrieve tokens is reasonable for the purpose, but the metadata mismatch and the fact that the skill will attempt to read common secret storage locations should be made explicit by the publisher.
- Persistence & Privilege (ok): The skill is not always-enabled and does not request elevated or persistent platform privileges. It can be invoked by the agent (normal behavior), and it does not modify other skills or global agent configuration.
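The Guidance and Instruction Scope findings above describe two controls a user would want enforced rather than merely promised: the token is read from the environment or an OS secret store and never typed into chat, and it is sent only to api.daily.dev. The following shell script is an added example of those controls and is not the skill's own code or anything published by daily.dev or ClawHub. The Keychain service name `daily.dev`, the secret-tool attribute `service daily.dev`, the `/v1/search` path and the `Bearer` scheme are assumptions chosen for illustration; substitute whatever the skill's SKILL.md actually specifies.

```shell
#!/bin/sh
# Added example, not the skill's code. Resolves DAILY_DEV_TOKEN from the
# environment first, then from OS secret stores, validates its shape, and
# refuses to send it to any origin other than https://api.daily.dev.

# Print the token from the first source that has it; return 1 if none does.
# Lookups are skipped silently when the store's CLI is not installed.
resolve_daily_dev_token() {
    if [ -n "${DAILY_DEV_TOKEN:-}" ]; then
        printf '%s\n' "$DAILY_DEV_TOKEN"
        return 0
    fi
    # macOS Keychain; the service name "daily.dev" is an assumption.
    if command -v security >/dev/null 2>&1; then
        tok=$(security find-generic-password -s daily.dev -w 2>/dev/null) \
            && [ -n "$tok" ] && { printf '%s\n' "$tok"; return 0; }
    fi
    # Linux libsecret via secret-tool; the attribute pair is an assumption.
    if command -v secret-tool >/dev/null 2>&1; then
        tok=$(secret-tool lookup service daily.dev 2>/dev/null) \
            && [ -n "$tok" ] && { printf '%s\n' "$tok"; return 0; }
    fi
    return 1
}

# The review notes daily.dev tokens carry the "dda_" prefix; reject other shapes
# so a stray value from a wrong keychain entry is never sent anywhere.
token_looks_valid() {
    case "$1" in
        dda_?*) return 0 ;;
        *)      return 1 ;;
    esac
}

# Allowlist: HTTPS and exactly the host api.daily.dev. The pattern requires a
# "/" right after the host, so "api.daily.dev.evil.example" and
# "api.daily.dev@evil.example" do not match.
url_allowed_for_token() {
    case "$1" in
        https://api.daily.dev/*) return 0 ;;
        *)                       return 1 ;;
    esac
}

# Authenticated GET against the API. Exit codes: 2 = URL off-allowlist,
# 3 = no token found, 4 = token shape rejected. With DRY_RUN=1 the command is
# printed with the token redacted instead of being executed, so the secret
# never reaches a log or a chat transcript.
daily_dev_get() {
    url=$1
    url_allowed_for_token "$url" || { echo "refusing to send token to $url" >&2; return 2; }
    tok=$(resolve_daily_dev_token) || { echo "no DAILY_DEV_TOKEN found" >&2; return 3; }
    token_looks_valid "$tok" || { echo "token does not look like a dda_ token" >&2; return 4; }
    if [ "${DRY_RUN:-0}" = 1 ]; then
        printf 'curl -sS -H "Authorization: Bearer [REDACTED]" %s\n' "$url"
        return 0
    fi
    curl -sS -H "Authorization: Bearer $tok" "$url"
}

# Usage (path is an assumption):
#   DRY_RUN=1 ./daily_dev_get.sh  ->  prints the redacted command
#   daily_dev_get "https://api.daily.dev/v1/search?q=zero-trust"
```

The allowlist is deliberately stricter than "domain contains api.daily.dev": it rejects plain http, a non-default port, and look-alike hosts, which is the check the skill's own text asks the agent to uphold. If an agent framework exposes the resolved token to the model context instead of keeping it in a subprocess environment, the redaction in the dry-run path is the behaviour to preserve.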
