Skill v1.0.1

ClawScan security

Farcaster Skill · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Feb 11, 2026, 9:29 AM
Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary: The skill's scripts appear to implement the stated Farcaster/Neynar functionality, but the package metadata omits required binaries and environment variables, and the runtime instructions include patterns (sourcing credentials from a file, a polling loop, third-party media upload) that you should review before installing.
Guidance
What to check before installing:
- The code implements exactly what it claims (Farcaster via Neynar), but the registry metadata is incomplete: you must supply NEYNAR_API_KEY and NEYNAR_SIGNER_UUID and have curl, jq, and python3 available. Treat that omission as a red flag; prefer skills that declare their requirements explicitly.
- Inspect the scripts yourself (they are plain bash). Pay special attention to the SKILL.md examples that show eval'ing jq on a JSON file you supply; only source credentials from files you trust, because eval-style commands can execute arbitrary content if misused.
- The media-upload example posts files to a third-party host (litterbox.catbox.moe). If you will upload private images, review the privacy/security policy of that service or host media on a place you control.
- The SKILL.md recommends a polling loop for mentions; continuous polling increases network traffic and the risk of credential exposure in logs. If you enable monitoring, consider rate limits and where logs go.
- Because the skill source and homepage are unknown, prefer installing from a trusted origin. If you plan to use it, require the owner to update the registry metadata to list required env vars and binaries, and consider running the included smoke tests in an isolated environment first.
If you want, I can produce a short checklist of commands to manually audit the scripts (what to grep for) or a set of recommended metadata fixes to ask the publisher to make.

Review Dimensions

Purpose & Capability
concern: The scripts and documentation implement a Farcaster client against the Neynar v2 API (posting, reading, searching, reacting, deleting). That matches the skill's name and description. However, the registry metadata claims no required environment variables or binaries, while the SKILL.md, README, tests, and scripts clearly require NEYNAR_API_KEY and (for write operations) NEYNAR_SIGNER_UUID, plus the runtime tools curl, jq, and python3. The omission of those requirements from the registry metadata is an inconsistency that should be corrected before trusting the skill.
Instruction Scope
note: SKILL.md and the shell scripts stay within the described Farcaster/Neynar functionality. Notable behaviors: it suggests eval'ing a jq command to export credentials from a JSON file (this runs jq on a local path you supply), it includes an example polling loop to repeatedly query mentions, and it demonstrates uploading media via a third-party service (litterbox.catbox.moe). These are reasonable for a CLI client but increase the risk surface (local file sourcing and long-running polling mean more opportunity for accidental credential exposure or unexpected network activity).
Install Mechanism
ok: There is no install spec (instruction-only with shipped shell scripts). No remote downloads or archive extraction are performed by an installer. The presence of executable scripts means files will be present on disk when installed, but nothing in the repository attempts to fetch or execute arbitrary remote code at install time.
Credentials
concern: The scripts require NEYNAR_API_KEY for all API calls and NEYNAR_SIGNER_UUID for write operations; they also expect curl, jq, and python3. Those credentials are directly relevant to the skill's purpose (API access and signer identity), so they are proportionate, but the registry metadata incorrectly lists no required env vars or binaries. That mismatch (declared zero vs. actual required secrets and tools) is misleading and increases risk, because a user may not realize they must provide an API key and signer UUID.
Persistence & Privilege
ok: The skill does not request always:true, does not persist or modify other skills' configs, and only runs on invocation (user-invocable / agent-invocable is the default). There is no evidence of privileged or permanent agent-wide hooks.