Skill v1.1.1

ClawScan security

AirShell 🐢 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign (Mar 6, 2026, 10:23 PM)
Verdict
benign
Confidence
medium
Model
gpt-5-mini
Summary
The skill's code and instructions are consistent with an AirShell sensor playbook; it requests no unrelated credentials or installs, but it expects the agent to read its gateway config (to find a webhook URL/token) and optionally use local purifier credentials, so review how webhook tokens and purifier credentials are handled before enabling.
Guidance
This skill appears to do what it says: monitor a local AirShell sensor, advise on CO₂/PM2.5/temp/humidity, and optionally push config and control a purifier. Before installing, consider: (1) Source is unknown; review files yourself if you need higher assurance. (2) Webhook token exposure: the skill asks the agent to find its gateway webhook URL and token and POST that to the device so the sensor can call back. Only use this with devices you trust on your network (untrusted devices could capture that token). If possible create a scoped/dedicated webhook or token for the sensor. (3) Purifier control is optional but requires storing VeSync credentials in environment variables; follow the docs and avoid hardcoding secrets. (4) The skill will call the local device_url and open-meteo; ensure device_url points to a trusted local IP/Tailscale host. If you want to reduce risk, run the setup interview and push config manually rather than letting the agent discover and post secrets automatically.

Review Dimensions

Purpose & Capability
ok: The name/description (air quality sensor playbook) matches what the files do: reading docs, polling a local device_url, posting device config, and optional purifier control. The included vesync example aligns with the documented optional purifier control in references/deployment.example.md.
Instruction Scope
note: Runtime instructions tell the agent to read local reference docs, call local device endpoints (GET {device_url}/status, POST {device_url}/config), and to determine the agent's webhook URL/token from the agent/gateway configuration. That gateway/token lookup is necessary for webhook-based operation but does require the agent to access its gateway config (potentially secrets). Instructions do not ask the agent to read unrelated user files or exfiltrate data to third-party endpoints; the only external web API is open-meteo for weather checks.
Install Mechanism
ok: No install spec is provided (instruction-only), and the only code file is an optional example script. Nothing is downloaded or written to disk by an installer in the skill metadata.
Credentials
note: The skill declares no required env vars. The optional vesync example script does expect VESYNC_EMAIL / VESYNC_PASSWORD / VESYNC_DEVICE if the user chooses automatic purifier control; these are documented in the example but not mandatory. The agent will need access to its own webhook token or gateway config to configure the sensor, which is proportionate to the stated webhook-based design but is a sensitive capability the user should understand.
Persistence & Privilege
ok: always:false and normal autonomous invocation. The skill writes and reads its own references/deployment.md as part of setup (expected). It does not request persistent system-wide privileges or modify other skills' configs.