Skill v1.0.0

ClawScan security

XPR Creative · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Feb 14, 2026, 5:10 AM
Verdict
suspicious
Confidence
high
Model
gpt-5-mini
Summary
The skill mostly does what it says (PDFs, images, videos, GitHub repos, IPFS pinning) but it silently expects secret credentials (Pinata JWT, likely GitHub credentials) that are not declared in the manifest or SKILL.md — this mismatch and the public IPFS / public repo behavior merit caution.
Guidance
Before installing, get answers to these specific questions from the skill author and take precautions:
1. Which environment variables does the skill actually require? The code uses PINATA_JWT and PINATA_GATEWAY and likely needs a GitHub token; these should be listed in the manifest and SKILL.md.
2. Understand where content is published: Pinata pins are effectively public on IPFS and create_github_repo makes public repos. Do not allow the skill to upload private or sensitive data.
3. Limit token scope: if you provide a Pinata or GitHub token, restrict its permissions and use a throwaway/sandbox account when testing.
4. Ask for documentation on create_github_repo behavior (repo visibility, naming, and whether it includes credentials).
5. If you cannot validate the above, run the skill in a restricted/sandbox environment or decline to provide secrets.
Finally, consider asking the author to update skill.json and SKILL.md to explicitly declare the required env vars and the privacy implications of IPFS and public repos before enabling autonomous use.
Findings
[uses_PINATA_JWT_env] expected: The code calls process.env.PINATA_JWT to upload JSON/binary to Pinata (pinJSONToIPFS / pinFileToIPFS). Using a Pinata JWT is expected for IPFS pinning, but the manifest and SKILL.md do not declare this required credential.
[uploads_to_ipfs_via_pinata] expected: The code posts to https://api.pinata.cloud/pinning/* to pin data. That aligns with the stated IPFS storage capability, but it implies pinned content is public and tied to the Pinata account used.
[creates_github_repo_credential_gap] expected: skill.json and SKILL.md expose a create_github_repo tool; creating public repos normally requires GitHub credentials, but no GITHUB_TOKEN (or equivalent) is declared. This credential omission is an inconsistency to address.
[downloads_external_urls] expected: The code fetches arbitrary https URLs to download images and other media for embedding into PDFs. Downloading external resources is expected for embedding, but it can pull remote content into deliverables and upload it onward to IPFS/GitHub.

Review Dimensions

Purpose & Capability
note: The declared purpose (generate deliverables, upload to IPFS, create GitHub repos) matches the code and instructions: it downloads images, builds PDFs, can upload JSON/binaries to Pinata, and can create public GitHub repos. However, skill.json and SKILL.md declare no required environment variables or credentials even though the code uses PINATA_JWT (and the create_github_repo tool will need GitHub auth in practice). That undeclared credential requirement is an inconsistency to be resolved.
Instruction Scope
note: SKILL.md instructs the agent to generate images/videos and upload them to IPFS, embed web images into PDFs, and create public GitHub repos. Those steps are within the stated purpose. Points to watch: the instructions insist that uploads happen (IPFS) and that actual content is delivered (not just URLs), which means potentially large uploads and public publication of user data; SKILL.md does not tell users that uploads go to Pinata (or require a Pinata token) or that repos will be public.
Install Mechanism
ok: No external install or remote downloads are specified; this is an instruction-and-bundled-code skill, so nothing is fetched at install time. The runtime performs network calls (fetch), but there is no risky install mechanism in the manifest.
Credentials
concern: skill.json.requires.env is empty and SKILL.md lists no required credentials, yet the code calls process.env.PINATA_JWT and process.env.PINATA_GATEWAY (and will need GitHub credentials to create repos). PINATA_JWT is a powerful secret that allows pinning arbitrary content to Pinata (public IPFS pinning). Requesting such secrets is proportionate to IPFS uploads, but the omission from the manifest and documentation is a red flag. The skill may upload user content to the public IPFS network via Pinata or create public repositories; both can expose sensitive data if used with broad-scoped tokens.
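The credential finding above, Guidance point 1, and this Credentials concern all reduce to the same check: compare the environment variables the bundled code actually reads against those the manifest declares. The following is an added example, not ClawHub's scanner or the skill's own code. It assumes the manifest shape the review names (skill.json with requires.env as an array of names) and Node.js-style process.env access; the sample manifest and source excerpt are constructed to mirror the review's description, not copied from the skill.

```javascript
// Added example: detect env vars a skill's code reads but its manifest does not declare.
// Assumption: manifest has { requires: { env: [..] } } (skill.json.requires.env),
// and the bundled code reads secrets via process.env.NAME or process.env["NAME"].

// Matches process.env.NAME and process.env['NAME'] / process.env["NAME"].
const ENV_ACCESS =
  /process\.env(?:\.([A-Za-z_][A-Za-z0-9_]*)|\[\s*(['"])([A-Za-z_][A-Za-z0-9_]*)\2\s*\])/g;

// Return the set of env var names referenced in one source file.
function findEnvReads(source) {
  const names = new Set();
  for (const m of source.matchAll(ENV_ACCESS)) {
    names.add(m[1] ?? m[3]);
  }
  return names;
}

// Cross-check declared vs. used env vars across all bundled source files.
// `sources` is an object mapping file name -> file contents.
function auditEnvDeclarations(manifest, sources) {
  const declared = new Set((manifest.requires && manifest.requires.env) || []);
  const used = new Set();
  for (const src of Object.values(sources)) {
    for (const name of findEnvReads(src)) used.add(name);
  }
  const undeclared = [...used].filter((n) => !declared.has(n)).sort();
  const unused = [...declared].filter((n) => !used.has(n)).sort();
  return {
    declared: [...declared].sort(),
    used: [...used].sort(),
    undeclared, // read by code, missing from manifest: the red flag in this review
    unused,     // declared but never read: over-requesting secrets
  };
}

// Constructed sample input (hypothetical, modelled on the review):
// an empty requires.env and code that reads PINATA_JWT and PINATA_GATEWAY.
const SAMPLE_MANIFEST = { name: "xpr-creative", version: "1.0.0", requires: { env: [] } };
const SAMPLE_SOURCES = {
  "ipfs.js": `
    const jwt = process.env.PINATA_JWT;
    const gateway = process.env["PINATA_GATEWAY"] || "https://gateway.pinata.cloud";
    async function pinJSON(body) {
      return fetch("https://api.pinata.cloud/pinning/pinJSONToIPFS", {
        method: "POST",
        headers: { Authorization: "Bearer " + jwt, "Content-Type": "application/json" },
        body: JSON.stringify(body),
      });
    }
  `,
};

// Usage: run the audit and fail loudly on any undeclared credential.
const report = auditEnvDeclarations(SAMPLE_MANIFEST, SAMPLE_SOURCES);
if (report.undeclared.length > 0) {
  console.error("Env vars read by code but not declared in skill.json:", report.undeclared.join(", "));
} else {
  console.log("All env vars read by code are declared.");
}
```

Running this against the constructed sample reports PINATA_GATEWAY and PINATA_JWT as undeclared, which is exactly the mismatch the verdict flags. The regex is a heuristic: it will miss indirect access such as `const env = process.env; env.TOKEN`, so treat an empty `undeclared` list as a necessary but not sufficient condition before trusting a manifest's credential claims.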
Persistence & Privilege
ok: The skill does not request always: true and does not declare modifying other skills or system-wide config. It stores deliverables in an in-memory Map (no persistent disk writes in the provided code excerpt). Autonomous invocation is allowed (the platform default); combined with the credential issues above this increases the blast radius, but autonomous invocation alone is expected.