Skill v1.1.0

ClawScan security

Monkeytype Tracker and Advisor · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious
Feb 11, 2026, 8:47 AM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill mostly matches its stated purpose (fetching Monkeytype stats) but contains inconsistencies about required credentials and instructs the user to share and store their ApeKey in ways that increase risk; these mismatches and persistence instructions warrant caution before installing.
Guidance
This skill appears to do what it says (fetch Monkeytype stats) but has several mismatches and risky instructions you should consider before installing:

- Registry vs code mismatch: The skill actually needs an ApeKey (MONKEYTYPE_APE_KEY) but the published metadata does not declare this. Treat that as a red flag and ask the publisher to correct the manifest.
- Secret handling: The SKILL.md asks users to paste their ApeKey into chat and/or save it into ~/.openclaw/workspace/config/monkeytype.json (plain JSON). Prefer setting the MONKEYTYPE_APE_KEY environment variable locally instead of sending it in chat. If you must provide a key, do not paste it into an untrusted conversation and be aware the key will be stored in plaintext in your workspace config.
- Automations/crons: The instructions propose creating cron jobs for automated reports. Enabling scheduled runs gives the skill ongoing execution rights. Only enable automations if you trust the code and understand where secrets and outputs will be stored.
- Review the code yourself or run it in an isolated environment: The included Python script is short and calls only api.monkeytype.com, but you should review it (or run it in a sandbox) before allowing scheduled runs or before storing your ApeKey on disk.
- Minimum steps to mitigate risks:
  1) Ask the publisher to update the registry manifest to declare the ApeKey requirement.
  2) Prefer setting MONKEYTYPE_APE_KEY as an environment variable rather than pasting in chat or writing a plaintext config file.
  3) If you enable automations, inspect and limit the cron job's permissions and ensure the key stored has only the necessary scope on Monkeytype.
  4) If unsure, decline automated reports and use only on-demand commands after setting the env var locally.

If you want, I can produce suggested safer setup text to replace the SKILL.md prompts (for example: a warning not to paste secrets in chat, and explicit instructions to set the env var instead of writing plaintext files).

Review Dimensions

Purpose & Capability
concern
The registry metadata declares no required environment variables or primary credential, but both the SKILL.md and the included Python script expect and use a Monkeytype API key (MONKEYTYPE_APE_KEY or a workspace config file). The skill legitimately needs an ApeKey for its stated purpose, so the registry metadata omission is an inconsistency and should have declared a primary credential.
Instruction Scope
concern
SKILL.md instructs the agent to ask the user to paste their ApeKey into chat and/or save it into ~/.openclaw/workspace/config/monkeytype.json; it also tells the agent to create cron jobs for automated reports. Asking users to send secrets in conversation and instructing persistent system changes (cron) go beyond simple read-only queries to the Monkeytype API and expand the security surface.
Install Mechanism
ok
There is no install spec (instruction-only + a small Python script). No downloads or external install steps are present, which keeps install risk low.
Credentials
concern
The skill requires the user's ApeKey (a secret) but the registry failed to declare it. The SKILL.md and script use MONKEYTYPE_APE_KEY and write the key to a plaintext JSON config in the user's workspace. Storing API keys in plaintext and encouraging the user to paste a key into chat are disproportionate exposure risks even if the key is necessary for functionality.
Persistence & Privilege
concern
The skill writes a workspace config file and a cache file, and the instructions propose creating cron jobs for automated reports (persistent, scheduled execution). While always:true is not set, scheduled automation would grant ongoing system presence and should be enabled only with explicit user consent and understanding of where secrets will be stored.