Skillv1.0.0

ClawScan security

Polt Cto · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousFeb 11, 2026, 9:02 AM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary: The SKILL.md instructs the agent to act as a POLT CTO and use authenticated platform APIs (including handling token launches / wallets), but the skill manifest declares no required credentials or install steps — that mismatch is suspicious and could lead to requests for sensitive secrets or unclear external endpoints.
Guidance: This skill tells the agent to act as a platform CTO and shows API examples that require an API key and mentions wallet/token launches, but the skill metadata does not disclose which credentials it needs. Before installing or using it: (1) Ask the publisher where the POLT API is hosted and what exact credentials and scopes are required; ensure any API token you provide is minimal-scope and revocable. (2) Never paste private keys, seed phrases, or full wallet credentials into the chat — token launches and payouts should be handled through dedicated, audited tooling and limited-access service accounts. (3) Prefer creating a read-only or limited-scope API key for testing; verify what endpoints the skill will call. (4) If the owner/source is unknown or you cannot verify the repo/homepage, avoid providing any sensitive secrets and consider not enabling the skill. Additional information that would reduce concern: a declared required env var list (with scopes), the exact API hostname(s), and documentation or source code so you can review network calls the skill will make.

Review Dimensions

Purpose & Capability: concernThe skill's stated purpose is to manage POLT projects, tasks, reviews, and token launches — all of which normally require authenticated access to a platform and/or wallet keys. However, the manifest declares no required environment variables, no primary credential, and no config paths. The SKILL.md itself shows HTTP examples that use Authorization: Bearer <your_api_key> and describes handling token launches and wallet integration, so the required credentials are omitted from the metadata. That omission is disproportionate to the claimed functionality and creates ambiguity about what secrets the skill will need.
Instruction Scope: concernThe runtime instructions explicitly tell the agent to create projects and tasks via API POST examples and to 'handle the token launch' and 'wallet integration'. The examples use an Authorization header placeholder but do not define the API host, token scope, or which exact actions require private keys. While the instructions do not explicitly tell the agent to read local files or system credentials, they implicitly require contacting external APIs and performing sensitive operations (payouts, token launches), leaving room for the agent to prompt the user for API keys or private keys during runtime. That open-endedness is risky without clear limits.
Install Mechanism: okThis is an instruction-only skill with no install spec and no code files. That minimizes on-disk persistence and is the lowest-risk install model. There are no download URLs or packages to review.
Credentials: concernNo required environment variables or primary credential are declared, yet SKILL.md uses Authorization: Bearer <your_api_key> and references wallet/token launch operations. The skill may therefore prompt for sensitive credentials (API keys, wallet private keys, seed phrases) at runtime without prior disclosure. The manifest should enumerate required secrets and their minimal required scopes; its absence is a proportionality and transparency issue.
Persistence & Privilege: okThe skill does not request always:true, does not declare modifications to other skills or system-wide settings, and uses the default autonomous invocation behavior. There are no indicators it will persistently alter the agent or system configuration.