Skill v1.0.0

ClawScan security

myskill · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious
Mar 16, 2026, 7:52 AM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill's public instructions are a benign skill-finder, but an included Python script contradicts the manifest by accessing an undeclared API key, writing a sample skill to disk, and calling an agentscope Toolkit API — this mismatch is unexplained and warrants caution.
Guidance
This skill's visible instructions are harmless (searching with 'npx skills'), but the included Python script deviates from the manifest in ways that could have side effects. Before installing or letting an agent run this skill:
1) Ask the publisher why the Python script is included and why it needs DASHSCOPE_API_KEY (not advertised).
2) Review or run the Python file only in a sandbox to see what it does (it creates sample_skill/ and calls Toolkit.register_agent_skill).
3) Avoid allowing automated/global installs with '-g -y' without explicit user confirmation.
4) If you don't intend to run the Python script, consider removing or isolating it; if you do need its functionality, require the manifest be updated to declare the DASHSCOPE_API_KEY dependency and any filesystem/config changes.
If the publisher can't explain the mismatch, treat the package as untrusted.

Review Dimensions

Purpose & Capability
concern
SKILL.md describes a lightweight 'find and install skills' helper that uses the Skills CLI (npx skills). However, the package also contains a Python script that creates a local 'sample_skill' directory, registers that skill via an agentscope Toolkit, and constructs a DashScopeChatModel that reads os.environ['DASHSCOPE_API_KEY']. The script's dependencies and environment access (DashScope API key, agentscope) are not reflected in the skill metadata and are not necessary for the described find/install functionality.
Instruction Scope
note
The runtime instructions (SKILL.md) are limited to guiding an agent to use 'npx skills find' and 'npx skills add'. Those instructions are coherent. However, SKILL.md does not mention the included Python script at all. The instructions also recommend 'npx skills add ... -g -y' which installs globally and skips confirmations — a potentially risky operation if performed without explicit user consent.
Install Mechanism
note
There is no install spec (instruction-only), which is low risk. But the repository includes an executable Python file that, if run, will write files to the current working directory (creates sample_skill/SKILL.md) and calls Toolkit.register_agent_skill. The package does not declare this behavior, so the presence of code capable of filesystem writes is an unexpected surface area.
Credentials
concern
Manifest declares no required environment variables, yet the Python script directly references os.environ['DASHSCOPE_API_KEY'] (required at runtime). This is a clear mismatch: the skill asks for an API key it never declared and which is unrelated to the stated purpose of searching/installing skills.
Persistence & Privilege
note
Skill flags are default (no 'always' privilege). The Python script registers a skill via Toolkit.register_agent_skill and writes a sample skill directory, which may modify agent skill registrations or leave files on disk if executed. The metadata does not disclose any config path modifications; this discrepancy is noteworthy but not on its own proof of malicious intent.