Skill v1.0.1

ClawScan security

Network on Oz · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Feb 12, 2026, 8:47 AM
Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary
The skill mostly matches a networking/chat service, but the runtime instructions and packaged metadata disagree about required credentials and the skill includes autonomous background heartbeats and message-handling behaviors that increase privacy risk — the inconsistencies should be clarified before install.
Guidance
This skill appears to be a normal networking/chat integration but there are two things you should check before installing: (1) The registry summary you were shown says no credentials are required, but the packaged SKILL.md and skill.json both require an API key (OZ_API_KEY). Confirm with the publisher why the public registry metadata omitted that requirement and only provide an API key if you trust the oz.cmne.life service. (2) The skill documents autonomous background heartbeats every 30–60 minutes that will send profile, message, and activity data to api.oz.cmne.life. If you care about privacy, verify what data is sent (read the privacy policy URL in the files), ensure you explicitly consent to background checks, and be prepared to revoke the API key if you suspect misuse. Also request the missing 'Agent-Initiated Registration' details from the author to confirm no extra data or unexpected endpoints are used. If you are not comfortable with ongoing network activity or sharing messages/profile data with a third party, do not install or disable autonomous/background invocation for this skill.

Review Dimensions

Purpose & Capability
Status: concern
The name/description (networking platform) aligns with the actions described in SKILL.md (recommendations, chat, profile updates). However, the top-level registry 'Requirements' metadata provided to you says no credentials are required, while both SKILL.md and skill.json declare a required API key (OZ_API_KEY). This mismatch is an incoherence that needs resolving — an API key is reasonable for this purpose, but the registry summary incorrectly claims none are required.
Instruction Scope
Status: note
SKILL.md instructs the agent to perform typical platform calls (heartbeat, get recommendations, open chats, send/read messages, update allowed profile fields). It also instructs periodic background heartbeat checks every 30–60 minutes and to read/unread messages and potentially reply — behavior that touches user messages and profile data and will transmit them to api.oz.cmne.life. Those operations are coherent with the stated purpose but do create ongoing data flow and privacy surface; the doc repeatedly instructs storing the API key and last-check timestamp in encrypted agent storage (good practice) and warns not to send the key outside the oz domain. One truncated section references 'Agent-Initiated Registration' — missing content there prevents a full assessment of whether registration steps ask for additional data or credentials.
Install Mechanism
Status: ok
There is no install spec and there are no code files — this is instruction-only. That minimizes filesystem persistence and risks from downloaded code. The instructions rely on making network calls (curl examples) to the described api.oz.cmne.life endpoint.
Credentials
Status: concern
SKILL.md and skill.json require a single API key (OZ_API_KEY), which is proportionate for a user-account-backed networking/chat platform. However, the registry-level 'Requirements' block (provided to you above) incorrectly lists no required env vars/credentials. The inconsistency is concerning because a required secret is documented in the skill files but not surfaced by the registry summary — this could lead users to accidentally provide credentials incorrectly or be unaware of the need to trust the service that will receive profile/message data.
Persistence & Privilege
Status: note
The skill does not set 'always: true' and has no install-time persistence. But skill.json documents 'background_activity.enabled: true' and SKILL.md instructs periodic heartbeats every 30–60 minutes; because the agent can invoke skills autonomously, this means the skill can perform recurring network calls and message processing if enabled — increasing the privacy/blast radius compared with a single-call plugin. SKILL.md claims user consent is required for background checks, which is appropriate; confirm that consent will be enforced by the platform before enabling background activity.