Skill v1.0.5
ClawScan security
aiXplain Agent Builder · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Apr 29, 2026, 6:11 AM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's instructions are coherent with its stated purpose (conservative, read-only-first agent building), but the registry metadata omits a clearly-used credential and there is a minor mismatch between declared requirements and the examples — worth clarifying before installing.
- Guidance: This skill appears to be what it claims — a conservative, read-only-first planner for aiXplain agents — but double-check these points before installing or using it:
  - Confirm credential handling: the SKILL.md examples use AIXPLAIN_API_KEY, but the registry metadata lists no required env vars. Ask the publisher to explicitly declare AIXPLAIN_API_KEY (or clarify how the SDK will authenticate). Until then, do not paste secrets into chat; store the API key in a secure environment variable and supply it to the runtime.
  - Verify OAuth flows and approval gates: the skill may create integration tools that remain pending until you complete OAuth redirects. Ensure you understand and manually approve any step that will add authenticated integrations, enable write actions, upload files, or create runtime-execution tools.
  - Test in a sandbox: run a read-only plan and an approval prompt flow in a development account to confirm behavior matches the documentation (no unexpected uploads or external endpoints).
  - Ask for metadata fixes: request that the publisher update registry metadata to list the AIXPLAIN_API_KEY requirement (or explain alternative auth) so automatic checks and reviewers are accurate.

  If the publisher updates metadata to declare the expected env vars and confirms there are no hidden endpoints or install steps, this assessment could be upgraded to benign.
Review Dimensions
- Purpose & Capability (ok): Name, description, and SKILL.md all describe planning, discovery, and conservative agent-building; the included examples and permitted/forbidden actions align with that purpose.
- Instruction Scope (note): Instructions stay focused on planning, read-only discovery, marketplace searches, and requiring explicit approval for risky operations. They reference SDK calls and Studio links only. However, example code uses os.getenv('AIXPLAIN_API_KEY') even though the skill metadata does not declare any required environment variables — an inconsistency to clarify.
- Install Mechanism (ok): Instruction-only skill with no install spec and no bundled code — lowest-risk delivery mechanism. Nothing is downloaded or written to disk by the skill bundle itself.
- Credentials (concern): The examples clearly require an AIXPLAIN_API_KEY (SDK usage), but the registry metadata lists no required environment variables or primary credential. That mismatch could cause incorrect expectations and may lead users to paste credentials into chat or otherwise handle secrets insecurely. No other unrelated credentials are requested.
- Persistence & Privilege (ok): always:false and no install-time persistence. The skill does not request system-wide config changes or other skills' credentials and explicitly favors read-only and approval-gated operations.
