Skill v1.1.1

ClawScan security

Protagons · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 6, 2026, 4:01 AM
Verdict: benign
Confidence: medium
Model: gpt-5-mini
Summary
The skill's requests and code align with its stated purpose (browsing/deploying public character identities and generating new ones by forwarding a user-supplied Google key to api.usaw.ai), but sending your Google API key to an external server is a privacy/risk decision you should consider carefully.
Guidance
This skill appears coherent with its stated purpose: browsing and deploying public character identities and offering a generation endpoint that uses a Google key you provide. Before installing or using protagons_generate, consider: (1) generation requires you to send a Google/Gemini API key to api.usaw.ai — use a scoped, limited, or throwaway key if you are uncomfortable sharing your primary key; (2) the package claims the key is not stored, but that is a privacy policy assertion you must trust the service for; (3) review the service's privacy/security documentation (usaw.ai) if you need stronger guarantees; (4) the code provided appears to only call the stated API and not read local files or env vars, but the protagons.mjs content in the prompt was truncated — if you require higher assurance, request or review the full, untruncated source for protagons.mjs to confirm no additional behavior (e.g., hidden network calls or local data access).

Review Dimensions

Purpose & Capability
ok: Name, description, SKILL.md, config.json, and the code all match: the skill lists/searches/deploys public Protagon characters from api.usaw.ai and offers generation that requires a Google key. There are no unrelated credentials, binaries, or unusual config paths requested.
Instruction Scope
note: SKILL.md explicitly instructs that browse/search/deploy are read-only and public, while protagons_generate forwards a provided Google API key to api.usaw.ai for a server-side Gemini call. The agent is not instructed to read local files or environment variables beyond the explicit key parameter. The skill returns SOUL.md content and does not write files per its docs.
Install Mechanism
ok: No install spec is present and the skill is instruction/code-only. Nothing is downloaded or written during install, which is the lowest-risk option for disk persistence.
Credentials
note: The skill does not request environment variables or host credentials. However, protagons_generate requires the caller to provide a Google API key (BYOK) which the skill forwards to api.usaw.ai. That design is proportionate to the stated generation feature, but it does expose a secret to a third-party server; the 'not stored' claim is trust-based and not verifiable from the local package.
Persistence & Privilege
ok: The skill is not always-enabled and does not request elevated privileges or modify other skills. It returns content to the caller and does not create persistent agent-side configuration according to the code and docs.