Skill v2.0.0
ClawScan security
AMLClaw · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Mar 11, 2026, 3:16 PM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill mostly matches an AML screening toolkit, but there are inconsistencies around external API usage and undeclared environment/credential needs that warrant review before installing.
- Guidance: This repo appears to be a plausible AML screening toolkit, but take these precautions before installing or running it:
  - Review scripts/trustin_api.py and scripts/run_screening.py to confirm what external endpoints are called and what data they send. Network calls to third-party services are core to function but you should be sure you trust the endpoint.
  - Because README/SKILL.md mention TRUSTIN_API_KEY and .env, expect the code to accept an API key; the registry metadata did not declare it — treat any API key as sensitive and only provide it after code review.
  - Back up or inspect any existing ./rules.json before running: the skill will auto-copy a default ruleset into the working directory which can overwrite local configuration.
  - Verify provenance: 'source: unknown' and no homepage reduce supply-chain confidence. If possible, prefer installing from a verified upstream repository or run the code in an isolated/sandbox environment first.
  - If you plan to use it with real customer or production data, have a compliance/security engineer audit the code (especially network code and any logging) to ensure no accidental exfiltration of PII or secrets.

  If you want, I can (1) list the exact files and functions to inspect for network/callouts, (2) summarize what scripts/trustin_api.py appears to do, or (3) show how to run the tool in a safe sandboxed environment.
Review Dimensions
- Purpose & Capability (note): Name, description, SKILL.md, rulesets, policies, and Python scripts all match an AML/compliance screening toolkit: screening addresses, generating rules, and producing policies. The included defaults and large regulatory reference set are coherent with the stated purpose. Minor provenance concern: registry lists 'source: unknown' and no homepage even though README references a GitHub repo.
- Instruction Scope (note): Runtime instructions direct the agent to run local Python scripts, read/write rules.json, read large reference documents, and generate reports — all expected for this skill. The SKILL.md also allows WebSearch and instructs copying a default ruleset into the working directory (which may overwrite an existing ./rules.json). The SKILL.md explicitly mentions TrustIn KYA API usage (desensitized data by default) and advises setting TRUSTIN_API_KEY for full data; however the registry metadata does not declare any required env vars. That mismatch (code/README/SKILL.md referencing an API and .env while registry declares no creds) is notable.
- Install Mechanism (note): No formal install spec in the registry (instruction-only), but files include requirements.txt and the Quick Start recommends pip install requests and python-dotenv. Absence of a registry-level install step is low technical risk but surprising; users should manually inspect requirements.txt and the Python scripts prior to running. No remote binary downloads or obscure URLs were shown in the manifest.
- Credentials (concern): Registry declares no required environment variables or primary credential, yet README and SKILL.md reference an optional TRUSTIN_API_KEY and use of a .env (python-dotenv). The codebase contains scripts/trustin_api.py which likely makes network calls to TrustIn endpoints; this implies optional credential usage and network I/O not declared in the registry metadata. The undeclared potential for network calls and optional API key means environment/credential access is under-specified and should be verified before use.
- Persistence & Privilege (ok): Skill is not set to always:true and does not request elevated system persistence. Instructions only write/overwrite files under the skill workspace (e.g., copying defaults/rulesets to ./rules.json, writing ./reports/). No evidence of modifying other skills or system-wide config in the provided files.
