Skillv1.0.0

ClawScan security

Venn Nino · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousMar 23, 2026, 8:07 PM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary: The skill's declared purpose and runtime behavior largely match, but it instructs the agent to clone and build third‑party code from GitHub (a feature branch) and install/execute a local binary — a materially risky install pattern that isn't fully justified or provenance‑verified.
Guidance: Before installing: verify the GitHub repository and the maintainer (mansilladev) and inspect the code on the named branch; prefer an official release tag over an arbitrary feature branch. Understand the install will run npm/pnpm and build code, creating ~/.local/share/vennporter and ~/.local/bin/vennporter — only proceed if you trust that code. Confirm the VENN_UNIVERSAL_URL you provide points to your trusted Venn MCP endpoint (the skill will use it to access many enterprise services via OAuth). If unsure, run the install in an isolated environment or container, or ask the publisher for a signed release or official package URL. Finally, be aware OAuth/device code will produce tokens stored locally by the client — review where tokens are persisted and rotate/revoke them if you later uninstall or distrust the tool.

Review Dimensions

Purpose & Capability: okName/description (Venn MCP gateway for enterprise tools) align with the runtime requirements: the skill requires a VENN_UNIVERSAL_URL and a vennporter client binary, which are appropriate for a gateway/client integration.
Instruction Scope: noteSKILL.md confines actions to installing/using vennporter, registering the provided MCP URL, and performing OAuth/device‑code auth. It asks the agent to save the URL to openclaw.json and run local commands. It does not instruct reading unrelated system files or exfiltrating arbitrary data. Minor incoherences: metadata/version strings differ across files and the install path referenced in some places (~/.openclaw/workspace/skills/venn/...) depends on extraction location but the included script lives at scripts/install-vennporter.sh — this is a small packaging/path inconsistency to be aware of.
Install Mechanism: concernAlthough the install uses a GitHub repo (better than a random IP or pastebin), the script clones a third‑party repo (https://github.com/mansilladev/mcporter) from a feature branch (feat/device-code-grant), runs npm/pnpm install and build, and writes an executable to ~/.local/bin/vennporter which will be executed. Fetching and building arbitrary code locally is a moderate‑to‑high risk action unless you can verify the repository and maintainer; the use of a feature branch increases uncertainty about provenance and review.
Credentials: okThe skill only requires a single environment value VENN_UNIVERSAL_URL (a URL, not an API key). However, the OAuth/device-code flow will produce tokens that the installed client will store locally (expected for this use case). No unrelated credentials or paths are requested.
Persistence & Privilege: noteThe skill does not request always:true and does not modify other skills. It will install a user‑owned binary and configuration under the user's home (~/.local), and the installed client will persist config/auth tokens locally — expected but worth noting because the installed binary can be invoked autonomously by the agent in later runs.