Skill v1.1.2

ClawScan security

Leafengines · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Apr 29, 2026, 7:14 PM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill largely matches its agricultural-intelligence purpose, but there are clear inconsistencies in the runtime instructions and configuration that warrant caution before installing or running it.
Guidance
This skill appears to be an agricultural API proxy served from a Supabase functions endpoint and is broadly consistent with its stated purpose, but there are a few red flags to check before installing or running things:

1) Input mismatch — SKILL.md says tools require county_fips but README/examples use latitude/longitude; confirm which parameters the server actually expects to avoid sending incorrect data.

2) Endpoint trust — the MCP server URL points to a third-party Supabase host; any data you send (including soil/location queries) will go there. If you plan to send sensitive location or business data, verify the operator, privacy, and billing policies first.

3) Public test key — README includes a public test key; do not assume it is private or unlimited. Avoid using it for sensitive or production workloads.

4) Config modification — the included install.sh will create ~/.openclaw/config/config.yaml and perform a network health check; review the script before running it.

5) Ask the maintainer or check live API endpoints to resolve the county_fips vs lat/lon inconsistency and to confirm auth behavior (x-free-tier vs x-api-key).

If these points are clarified and you trust the endpoint/operator, the skill is coherent; otherwise treat it as untrusted and do not run the install script or point your agents to the MCP server until resolved.

Review Dimensions

Purpose & Capability
note: The skill's name/description (soil analysis, crop recommendation, TurboQuant checks) aligns with the included MCP server and API reference. It reasonably needs an external service endpoint and an API key or free-tier header. Nothing requested (no special binaries or unrelated credentials) is obviously outside the stated purpose.
Instruction Scope
concern: SKILL.md and README instruct agents/users to add an external MCP server URL (a Supabase functions endpoint) and to include either x-free-tier:true or x-api-key headers. That is expected for an MCP skill, but there are inconsistencies: the SKILL.md mcp tool schemas require a county_fips parameter, while many README examples and API_REFERENCE use latitude/longitude; the README also exposes a public 'test' API key and suggests exporting LEAFENGINES_API_KEY even though the skill metadata declared no required env vars. The instructions will cause agent traffic and any user-provided data to be sent to the external endpoint, so verify you are comfortable transmitting queries/data there.
Install Mechanism
note: There is no automatic install spec, but an included scripts/install.sh (user-run) creates ~/.openclaw/config/config.yaml (if missing), writes an MCP server entry containing an x-api-key placeholder, and makes a curl call to the external health endpoint. The script is straightforward and not obfuscated, but it does modify the user's OpenClaw config and attempts a network call — run it only if you trust the source.
Credentials
concern: Declared requirements list no environment variables, but documentation and the install script reference an API key and suggest LEAFENGINES_API_KEY and the test key 'leaf-test-370df0a2e62e'. This mismatch (declared none vs. instructions referencing keys/env) is inconsistent and could confuse users; the service legitimately needs a key/header, but the manifest should have declared that requirement.
Persistence & Privilege
ok: The skill is not force-included (always:false) and does not request system-wide privileges beyond writing its own OpenClaw config entry. The install script only creates or updates ~/.openclaw/config/config.yaml (if it doesn't exist) and does not alter other skills or system files.