Skill v1.2.2

ClawScan security

Fastapi Studio Template · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Mar 28, 2026, 4:41 AM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill is mostly coherent for a FastAPI studio template and legitimately requests Langfuse keys for tracing, but the instructions omit dependency and data-sanitization guidance, so the template could send sensitive data to Langfuse or trigger large model downloads. Review before use.
Guidance
This template appears to do what it says, but check these things before installing/using it:
- Langfuse keys: Only supply LANGFUSE_PUBLIC_KEY and LANGFUSE_SECRET_KEY if they belong to a Langfuse instance/account you control. Traces often contain prompts and outputs; do not send secrets or PII unless you understand retention/visibility.
- Data sanitization: The SKILL.md gives no guidance on redaction. Add explicit scrubbing/filtering of prompts/results before tracing if you will send traces to Langfuse.
- Dependencies and downloads: The instructions reference libraries (mflux, torch, langfuse SDK, etc.) and model loading that may download large model weights from the network. Review and pin the dependencies you install and be prepared for heavy resource usage.
- Network assumptions: The metadata claims outbound calls are only to the user's Langfuse instance, but model-loading code may also trigger downloads from model repositories. Confirm any network endpoints used and restrict as needed.
- Testing: Try the template in a controlled environment (no production data) first. If you don't need tracing, omit the LANGFUSE_* env vars or disable the Langfuse integration.
If you want more certainty, ask the maintainer for a full dependency list, the Langfuse integration snippet (not truncated), and where model weights will be fetched from so you can audit endpoints before running.
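The two checks above that a user can actually enforce in code are the opt-out (trace only when the Langfuse variables are set and point at an instance you control) and the redaction of prompts, outputs and metadata before anything is handed to the tracing SDK. The following is an added example written for this review, not code from the skill or from the Langfuse project; it stops short of the Langfuse SDK call itself and returns the scrubbed event so it can be tested offline. The LANGFUSE_HOST variable, the allowed-host set and the secret/PII patterns are assumptions to adapt for your own deployment.

```python
import re
from typing import Any, Iterable, Mapping, Optional
from urllib.parse import urlparse

# Value shapes that must never reach a trace. Constructed for this example;
# the Langfuse key prefixes are assumed, extend the list for your own secrets.
SECRET_PATTERNS = [
    re.compile(r"sk-[A-Za-z0-9_-]{8,}"),       # OpenAI-style API key
    re.compile(r"pk-lf-[A-Za-z0-9-]+"),         # Langfuse public key (assumed shape)
    re.compile(r"sk-lf-[A-Za-z0-9-]+"),         # Langfuse secret key (assumed shape)
    re.compile(r"AKIA[0-9A-Z]{16}"),            # AWS access key id
    re.compile(r"[\w.+-]+@[\w-]+\.[\w.-]+"),    # e-mail address
    re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),       # US SSN shape
]
REDACTED = "[REDACTED]"

# Metadata keys the studio would attach to a trace; user identity is dropped
# entirely rather than scrubbed. Constructed for this example.
DROP_METADATA_KEYS = {"user_email", "user_id", "session_cookie"}

# Env vars the Langfuse SDK reads; LANGFUSE_HOST is assumed here, the review
# only names the two key variables.
REQUIRED_ENV = ("LANGFUSE_PUBLIC_KEY", "LANGFUSE_SECRET_KEY", "LANGFUSE_HOST")


def redact_text(text: str) -> str:
    """Replace every secret/PII match in a string with a placeholder."""
    for pat in SECRET_PATTERNS:
        text = pat.sub(REDACTED, text)
    return text


def redact(obj: Any) -> Any:
    """Recursively scrub strings inside dicts, lists and tuples; leave other types alone."""
    if isinstance(obj, str):
        return redact_text(obj)
    if isinstance(obj, dict):
        return {k: redact(v) for k, v in obj.items() if k not in DROP_METADATA_KEYS}
    if isinstance(obj, (list, tuple)):
        return type(obj)(redact(v) for v in obj)
    return obj


def tracing_enabled(env: Mapping[str, str], allowed_hosts: Iterable[str]) -> bool:
    """Trace only when all Langfuse variables are set and the host is one we control.

    Missing variables mean the user opted out; a host outside the allowlist
    (for example the public cloud endpoint) is treated as disabled, not as
    a fallback.
    """
    if not all(env.get(k) for k in REQUIRED_ENV):
        return False
    url = urlparse(env["LANGFUSE_HOST"])
    return url.scheme == "https" and url.hostname in set(allowed_hosts)


def build_trace_event(prompt: str, output: str, metadata: dict,
                      env: Mapping[str, str], allowed_hosts: Iterable[str]) -> Optional[dict]:
    """Return the scrubbed event to hand to the tracing SDK, or None when tracing is off.

    The caller passes the returned dict to the Langfuse client; the SDK call
    itself is deliberately left out of this example.
    """
    if not tracing_enabled(env, allowed_hosts):
        return None
    return redact({"input": prompt, "output": output, "metadata": metadata})


if __name__ == "__main__":
    # Constructed sample request from a blind-test run.
    sample_env = {
        "LANGFUSE_PUBLIC_KEY": "pk-lf-example",
        "LANGFUSE_SECRET_KEY": "sk-lf-example",
        "LANGFUSE_HOST": "https://langfuse.internal.example",
    }
    event = build_trace_event(
        prompt="Summarise the ticket from alice@example.com using key sk-abcdefghijklmnop",
        output="Ticket summary for customer 123-45-6789",
        metadata={"user_email": "alice@example.com", "model": "sdxl"},
        env=sample_env,
        allowed_hosts={"langfuse.internal.example"},
    )
    print(event)
```

Gate the redaction at the single point where the studio builds the trace payload rather than in each route, and keep the allowlist to hosts you operate; if the template's truncated Langfuse snippet turns out to trace directly from the model-call wrapper, that wrapper is where `build_trace_event` belongs.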

Review Dimensions

Purpose & Capability
ok: Name and description (FastAPI + HTMX studio with realtime SSE and Langfuse tracing) match the declared requirements: python3 and LANGFUSE_PUBLIC_KEY / LANGFUSE_SECRET_KEY. Requesting Langfuse credentials is reasonable for a template that documents Langfuse tracing.
Instruction Scope
concern: SKILL.md contains concrete runtime patterns (SSE queue pattern, blind-test logic, singleton model registry, SQLite schema, and Langfuse tracing). It does not instruct the agent to read unrelated system files or other credentials, but it omits guidance about what data is sent to Langfuse (prompts, outputs, user metadata) and how to sanitize or opt out. The model-loading examples (mflux/Flux1, SDXL on MPS, torch calls) imply heavy downloads and local resource use, but the skill provides no dependency or network-fetch guidance for model weights. Truncated Langfuse code prevents verifying whether traces redact sensitive content.
Install Mechanism
ok: No install spec (instruction-only), so the lowest disk/write risk. However, the template expects Python libraries (fastapi, HTMX-related front-end, langfuse SDK, mflux, torch) that are not listed; users must install these themselves, which is a usability issue but not a direct supply-chain red flag given this is a template.
Credentials
note: Asking for LANGFUSE_PUBLIC_KEY and LANGFUSE_SECRET_KEY is consistent with the stated Langfuse tracing feature. That said, Langfuse traces commonly include prompts, outputs, and metadata, and these may contain sensitive user data. The SKILL.md does not require unrelated credentials, but it also lacks instructions to limit or redact sensitive fields before sending traces.
Persistence & Privilege
ok: always is false and the skill is user-invocable only. There is no install script altering other skills or system-wide config. No elevated persistence privileges are requested.