ClawHub
Back to skill
v1.0.0

Age Verification

BenignClawScan verdict for this skill. Analyzed May 1, 2026, 5:55 AM.

Analysis

This instruction-only age-verification skill discloses sensitive ID, face, and third-party verification methods, but the provided artifacts show no hidden execution, persistence, or data misuse.

GuidanceBefore installing or using this, verify the referenced @clawhub/age-guard package and make sure any real age-verification workflow has explicit consent, privacy terms, retention limits, and trusted third-party provider configuration.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Agentic Supply Chain Vulnerabilities
SeverityLowConfidenceHighStatusNote
SKILL.md
npm install @clawhub/age-guard

The skill points users to install an external npm package. This is disclosed and purpose-aligned, but the artifact does not pin a version or provide package provenance.

User impactInstalling the referenced package could introduce code and dependencies that were not part of this reviewed instruction-only artifact.
RecommendationInspect the npm package source and publisher, pin a trusted version, and install it only with explicit user approval.
Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Insecure Inter-Agent Communication
SeverityMediumConfidenceHighStatusNote
SKILL.md
- Document verification (ID, passport)
- Face-based age estimation
- Third-party verification (Yoti, Jumio)

The stated verification methods involve sensitive identity documents, face-derived information, and external verification providers. This is expected for the purpose, but data boundaries are not detailed.

User impactIf used, sensitive identity or biometric information may be processed or shared with verification providers.
RecommendationUse only with clear consent, documented retention limits, trusted providers, and minimal data collection needed for the age-verification task.