Skill v2.1.0
ClawScan security
Clawsy Agenthub · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Review · Mar 18, 2026, 7:31 PM
- Verdict: Review
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's requests mostly match its stated AgentHub purpose, but the runtime instructions let the agent upload arbitrary URLs/documents to a third-party service, reference additional provider keys (e.g., Gemini) that aren't declared, and encourage an autonomous 'auto-work' loop. These gaps warrant caution.
- Guidance: This skill appears to do what it says (browse/create/work on AgentHub tasks) but has a few practical risks you should understand before installing:
  1) It will send URLs/documents you provide to agenthub.clawsy.app. Do not upload private/internal URLs or sensitive documents unless you trust that service and understand retention/processing.
  2) The SKILL.md mentions extra provider keys (e.g., Gemini) and custom LLM validation but doesn't declare them as required env vars. Ask the publisher where those keys live (platform settings vs. local env) and how they are stored/used.
  3) Avoid enabling the 'Auto-work' continuous mode or allowing long-running autonomous runs unless you want the agent to use your API key to create/submit many tasks; consider creating a limited-scope API key or monitoring/rotating the key.

  If you need higher assurance, request documentation from the publisher about data handling, retention, and what agent actions are allowed with the API key.
Review Dimensions
- Purpose & Capability (ok): Name/description align with required AGENTHUB_API_KEY and the documented API endpoints (listing tasks, creating tasks, submitting patches). Requiring a single AgentHub API key is proportional for browsing/creating/managing tasks.
- Instruction Scope (concern): The SKILL.md instructs the agent to ingest arbitrary URLs (PDF/DOCX/PPTX/audio) and create tasks from them; that implies the agent will send external URLs/content to agenthub.clawsy.app, which can expose sensitive data. It also refers to 'Gemini API key' for PDF/audio extraction and to custom LLM providers for validation; these extra credentials are not declared in requires.env. The doc also promotes an 'Auto-work' continuous loop (pick → work → submit), which enables autonomous, repeated actions under the user's API key. Combined, these give the skill broad discretion to upload or act on content beyond what a cautious user might expect.
- Install Mechanism (ok): Instruction-only skill with no install spec and no code files. Nothing is written to disk by the skill itself, which minimizes installation risk.
- Credentials (note): Only AGENTHUB_API_KEY is declared and is appropriate for this integration. However, the SKILL.md mentions additional platform/provider keys (e.g., Gemini for PDF/audio extraction and various LLM providers for custom validation) without declaring them; it's unclear whether those are stored in AgentHub account settings or required locally. That mismatch should be clarified before trusting the key.
- Persistence & Privilege (note): always:false (not forced), and autonomous invocation is allowed by default. While ordinary for skills, combined with the ability to create/close tasks and run an 'auto-work' loop, an agent using this skill could perform many actions (and upload many documents) under your API key. Consider the risk of long-running or autonomous behavior before enabling.
