Skill v1.1.0
ClawScan security
Apiosk Publish · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Feb 26, 2026, 7:33 PM
- Verdict: Benign
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's code, runtime instructions, and dependencies align with its stated purpose (publishing and managing Apiosk listings); the main concerns are secure handling of your private key and a few minor documentation gaps.
- Guidance
- This skill appears to do what it says: sign and call Apiosk gateway endpoints. Before use, review and consider the following:
  - Private-key handling: avoid putting long-term or high-value private keys in APIOSK_PRIVATE_KEY or passing them on the command line. Command-line arguments are visible to other local users via process listings, and an environment variable is inherited by every child process the scripts spawn. Prefer a ~/.apiosk/wallet.json readable only by its owner (mode 600), or a signing workflow that uses a hardware wallet.
  - Verify the skill's origin: source and homepage are listed as unknown/none, while the package metadata references a GitHub repository. If you plan to use the skill, fetch that repository from the official source and inspect it yourself rather than trusting a copy from an unknown origin.
  - Missing setup script: the README mentions a setup-wallet.sh that is not included. Decide how you will create ~/.apiosk/wallet.json and, if you use such a script, make sure it is trustworthy.
  - Run in a restricted environment: if unsure, run these scripts on an isolated machine or in a container, and test with a wallet that holds minimal funds.
  - Confirm that 'cast' resolves to the expected local Foundry binary and not to a malicious replacement earlier on PATH.
  - For higher assurance, request the canonical upstream repository or a signed release, and/or have someone audit how private keys are loaded and passed to 'cast'.
Review Dimensions
- Purpose & Capability
- ok: Name and description match the code and SKILL.md. All scripts call only https://gateway.apiosk.com and implement the register, list, update, and delete flows. The declared binaries (curl, jq, cast) and the wallet files are reasonable for the stated functionality; no unrelated services, credentials, or binaries are requested.
- Instruction Scope
- note: Runtime instructions and scripts stay within the publishing/management scope and reference only wallet files (~/.apiosk/*) and standard utilities. One minor mismatch: the README references apiosk-skill/setup-wallet.sh as the script that creates ~/.apiosk/wallet.json, but that script is not included. Also, SKILL.md and the scripts allow supplying the private key via APIOSK_PRIVATE_KEY or --private-key; the scripts then pass that key on the command line to 'cast', which exposes it in local process listings.
- Install Mechanism
- ok: No install spec; this is instructions plus shell scripts only. Nothing is downloaded or written outside the repository apart from expected reads of ~/.apiosk/*. This is the lowest-risk install type.
- Credentials
- note: The skill reads the wallet address and private_key from ~/.apiosk/wallet.json (or wallet.txt) and also accepts APIOSK_PRIVATE_KEY and --private-key. These are proportional to the task (signing management requests), but private-key handling is sensitive: a key passed as a CLI argument is visible to other local users in process listings, and a key in an environment variable is inherited by every child process. The scripts do not transmit the raw private key to the remote gateway; they send only signatures, which is appropriate.
- Persistence & Privilege
- ok: 'always' is false, and the skill does not modify system-wide configuration or other skills. It reads wallet files under ~/.apiosk/ and writes nothing outside the repository; no elevated persistence is requested.
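The Guidance and Credentials notes above name three things to check before running the skill: that the wallet file is readable only by its owner, that 'cast' on PATH is the Foundry binary you expect, and that a raw private key is not about to go out through argv or the environment. The following is an added example of a POSIX shell pre-flight library that performs those checks; it is not code from the skill, from Apiosk, or from ClawHub. It assumes the wallet lives at ~/.apiosk/wallet.json (as the skill documents) and that cast was installed into ~/.foundry/bin; both paths, and every function name, are assumptions that can be overridden.

```shell
#!/bin/sh
# Added example, not part of the scanned skill. A pre-flight library that a
# wrapper can source before calling the Apiosk scripts. It checks the points
# raised in the Guidance and Credentials notes: wallet file permissions, which
# 'cast' PATH actually resolves to, and whether a private key is about to be
# exposed through argv or the environment. The locations below are assumptions.
#
# Usage from a wrapper:   . ./preflight.sh && preflight "$@" || exit 1

WALLET_FILE="${WALLET_FILE:-$HOME/.apiosk/wallet.json}"
# Assumption: foundryup installs cast into ~/.foundry/bin.
EXPECTED_CAST_DIR="${EXPECTED_CAST_DIR:-$HOME/.foundry/bin}"

# Octal permission bits, trying GNU stat first and then BSD/macOS stat.
file_mode() {
  stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1" 2>/dev/null
}

file_owner_uid() {
  stat -c '%u' "$1" 2>/dev/null || stat -f '%u' "$1" 2>/dev/null
}

# Returns 0 when FILE is a regular file, owned by the caller, with no
# group/other permission bits (600 or 400).
wallet_file_ok() {
  f="$1"
  [ -f "$f" ] || { echo "wallet: $f is not a regular file" >&2; return 1; }
  [ "$(file_owner_uid "$f")" = "$(id -u)" ] \
    || { echo "wallet: $f is not owned by uid $(id -u)" >&2; return 1; }
  mode=$(file_mode "$f")
  case "$mode" in
    600|400) return 0 ;;
    *) echo "wallet: $f has mode $mode; run: chmod 600 $f" >&2; return 1 ;;
  esac
}

# Returns 0 when the 'cast' that PATH resolves lives in EXPECTED_CAST_DIR and
# that directory is not writable by group or other, so no other local user
# could have swapped the binary or shadowed it earlier on PATH.
cast_on_path_ok() {
  resolved=$(command -v cast 2>/dev/null) \
    || { echo "cast: not found on PATH" >&2; return 1; }
  dir=$(cd "$(dirname "$resolved")" && pwd -P)
  want=$(cd "$EXPECTED_CAST_DIR" 2>/dev/null && pwd -P) \
    || { echo "cast: expected directory $EXPECTED_CAST_DIR is missing" >&2; return 1; }
  [ "$dir" = "$want" ] \
    || { echo "cast: PATH resolves to $resolved, expected $want/cast" >&2; return 1; }
  case "$(file_mode "$dir")" in
    *7[0145][0145]) return 0 ;;   # owner rwx, no write bit for group/other
    *) echo "cast: $dir is writable by other users" >&2; return 1 ;;
  esac
}

# Returns 0 (a leak) when any argument is a raw secp256k1 private key:
# optional 0x prefix, then 64 hex digits, possibly as --private-key=<hex>.
# Anything on the command line is readable by every local user via ps.
args_expose_key() {
  for a in "$@"; do
    h="${a#--private-key=}"
    h="${h#0x}"
    if [ "${#h}" -eq 64 ] && [ -z "$(printf '%s' "$h" | tr -d '[:xdigit:]')" ]; then
      return 0
    fi
  done
  return 1
}

# Runs every check against the arguments the skill script is about to receive.
preflight() {
  rc=0
  wallet_file_ok "$WALLET_FILE" || rc=1
  cast_on_path_ok || rc=1
  if args_expose_key "$@"; then
    echo "args: a raw private key is on the command line; load it from $WALLET_FILE instead" >&2
    rc=1
  fi
  if [ -n "${APIOSK_PRIVATE_KEY:-}" ]; then
    echo "env: APIOSK_PRIVATE_KEY is set and will be inherited by every child process" >&2
    rc=1
  fi
  return "$rc"
}
```

The directory check on cast matters as much as the path comparison: a correct path under a group-writable directory is still replaceable by another local account, and a second cast earlier on PATH is caught because the comparison uses the entry that command -v actually resolves, not the one you intended.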
