Skill v1.0.1
ClawScan security
Ostrom Energy · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Apr 29, 2026, 11:11 AM
- Verdict
- suspicious
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- The skill's code and instructions match its claimed purpose (fetch prices, compute windows, run smart‑home commands) but there are mismatches and a few risky behaviors (undeclared required credentials, local .env/config usage, and executing user-provided shell commands) that deserve attention before installing.
- Guidance
- Before installing or running this skill: (1) Understand it expects OSTROM_CLIENT_ID and OSTROM_CLIENT_SECRET (and optional ZIP/ENV). The registry metadata didn't declare required env vars — confirm you are comfortable providing those credentials. (2) The control command will run whatever strings you pass as --on-command/--off-command using the shell (subprocess.run with shell=True). Only use trusted commands and test with dry-run (--execute off) first. (3) run.sh/.env loading will source a .env in the skill folder and the code reads ~/.config/ostrom-energy/config.json — verify those files do not contain secrets you don't intend to use. (4) Review the code for the base API/auth URLs it uses (OSTROM_ENV handling) to ensure it communicates with the legitimate Ostrom endpoints. (5) If you plan to allow the agent to invoke this skill autonomously, consider restricting autonomous use or requiring explicit user confirmation before any action that executes commands. (6) If you need higher assurance, run the CLI locally in an isolated environment (or inspect the full ostrom_energy.py file end-to-end) and avoid installing the wrapper globally.
Review Dimensions
- Purpose & Capability
- concern: SKILL.md and the Python code clearly require Ostrom API credentials (OSTROM_CLIENT_ID, OSTROM_CLIENT_SECRET) and optionally OSTROM_ZIP/OSTROM_ENV and a persisted config at ~/.config/ostrom-energy/config.json. The registry metadata, however, lists no required environment variables or config paths. That mismatch (skill needs secrets but metadata doesn't declare them) is incoherent and should be corrected or explained.
- Instruction Scope
- note: Runtime instructions explicitly load a local .env, read ~/.config/ostrom-energy/config.json, obtain an OAuth2 token, call /spot-prices, compute optimization windows, and — for control — run user-supplied shell commands via subprocess.run(shell=True). Reading local config/.env is expected for this CLI, but executing arbitrary shell commands is powerful and requires caution; SKILL.md warns about dry-run and trusted input, which is appropriate but still increases risk if the skill is invoked autonomously.
- Install Mechanism
- ok: There is no platform install spec (instruction-only from registry), but the package includes a small install-local-command.sh that writes a wrapper to ~/.local/bin. That is a low-risk, user-level install and not unexpected for a CLI tool.
- Credentials
- concern: The code legitimately requires a client id/secret for OAuth and may use OSTROM_ENV/ZIP; these are proportionate to the stated purpose. However, the skill package metadata does not declare these required env vars or the config path, so the skill requests sensitive secrets in practice but does not advertise them in the registry metadata — a transparency concern. Also, the skill will source a local .env in the skill folder, which can cause accidental use of secrets from that file if present.
- Persistence & Privilege
- ok: The skill does not request always:true, does not modify other skills, and its optional installer only writes to the user's ~/.local/bin. It can be invoked autonomously (default), which is normal — but combined with shell execution behavior this increases the need for careful gating (see guidance).
