Skill v1.0.3
ClawScan security
challanx · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Apr 16, 2026, 4:12 PM
- Verdict
- suspicious
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- The bundle is mostly a documentation/hook plugin for the ChallanX API and appears to only inject benign reminder files, but there is an important metadata inconsistency (the manifest and SKILL.md require a CHALLANX_API_KEY while the registry metadata lists no required env vars), which needs clarification before trusting or installing it.
- Guidance
- This bundle appears to be an OpenClaw documentation/hook integration that injects two virtual reminder files and documents usage of the ChallanX API. Before installing: (1) Confirm the registry metadata is corrected — SKILL.md and plugin.json require CHALLANX_API_KEY, but the registry listing showed no required env vars. Make sure you understand and supply only the intended API key. (2) Verify ownership of the public endpoint (https://challanx.in/openclaw/api) and that you trust that service to handle any uploaded URLs/media. (3) If you operate in a restricted environment, confirm that injecting virtual bootstrap files into agent workspaces is acceptable. (4) Ask the publisher to explain the metadata inconsistency; if they cannot, treat the package cautiously or run it in an isolated/test environment first.
Review Dimensions
- Purpose & Capability
- concern: The skill's files (SKILL.md and plugin.json) declare that requests require an x-api-key and ask operators to set CHALLANX_API_KEY as a runtime secret. However, the top-level registry metadata shown to the evaluator lists 'Required env vars: none' and 'Primary credential: none'. This mismatch is an incoherence in the bundle metadata and should be resolved. Otherwise the declared capability (calling a protected API) is consistent with the code and docs.
- Instruction Scope
- ok: The SKILL.md and other docs restrict behavior to the public endpoint (https://challanx.in/openclaw/api) and describe only expected inputs/outputs. The included hook code only injects two virtual reminder/instruction files into agent bootstrap files and does not attempt to read unrelated files or environment variables. No instructions ask the agent to collect or transmit data outside the described API.
- Install Mechanism
- ok: There is no install spec (instruction-only semantics). The bundle includes hook source code but does not download or install external packages or execute external installers. This is low-risk from an install perspective.
- Credentials
- concern: The bundle itself only requests a single service credential (CHALLANX_API_KEY), which is proportionate for an API client. The concern is the metadata mismatch: registry metadata claims no required env vars while plugin.json and SKILL.md require CHALLANX_API_KEY. That discrepancy could lead to operators not provisioning the secret or misunderstanding the need for it. No other unrelated secrets are requested.
- Persistence & Privilege
- ok: The skill does not request 'always: true' and is user-invocable as normal. The hook will inject virtual reminder files into the agent's bootstrap context at agent bootstrap time, but it explicitly avoids overwriting existing non-virtual files and skips subagents. It does not modify other skills' configs or system-wide settings.
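The Guidance and Credentials sections above both come down to one mechanical check: do the secrets and endpoints named in the bundle's own files (SKILL.md, plugin.json) agree with what the registry listing declares? The script below is an added example of that check, written for this page; it is not ClawHub or ClawScan code. It assumes plugin.json carries a top-level "env" list and the registry metadata a "required_env" list and an "endpoint" string; those field names are assumptions, not a documented ClawHub schema. The sample SKILL.md, manifest and registry record are constructed to mirror the mismatch the scanner reported.

```python
"""Cross-check a skill bundle's credential and endpoint claims.

Added example, not ClawHub/ClawScan code. Field names "env" (plugin.json)
and "required_env"/"endpoint" (registry metadata) are assumptions.
"""
import json
import re
from urllib.parse import urlparse

# Constructed sample inputs mirroring the reported inconsistency.
SKILL_MD = """# ChallanX
Requests to https://challanx.in/openclaw/api require an `x-api-key` header.
Set CHALLANX_API_KEY as a runtime secret before invoking the skill.
"""

PLUGIN_JSON = json.dumps({
    "name": "challanx",
    "version": "1.0.3",
    "env": ["CHALLANX_API_KEY"],      # assumed manifest field
})

REGISTRY_META = {
    "name": "challanx",
    "required_env": [],               # the registry claims none (assumed field)
    "primary_credential": None,
    "endpoint": "https://challanx.in/openclaw/api",
}

# SCREAMING_SNAKE identifiers with at least one underscore, e.g. CHALLANX_API_KEY
ENV_NAME = re.compile(r"\b[A-Z][A-Z0-9]*(?:_[A-Z0-9]+)+\b")
# Only treat names that look like secrets as credentials
SECRET_HINT = re.compile(r"(KEY|TOKEN|SECRET|PASSWORD|CREDENTIAL)$")
URL = re.compile(r"""https?://[^\s)"'`<>]+""")


def env_vars_in_text(text):
    """Secret-looking env var names mentioned anywhere in free text (SKILL.md)."""
    return {m for m in ENV_NAME.findall(text) if SECRET_HINT.search(m)}


def env_vars_in_plugin(plugin_json):
    """Env vars the manifest declares (assumed top-level "env" list)."""
    return set(json.loads(plugin_json).get("env", []))


def undeclared_env_vars(skill_md, plugin_json, registry_meta):
    """Env vars the bundle's own files require but the registry listing omits."""
    required = env_vars_in_text(skill_md) | env_vars_in_plugin(plugin_json)
    declared = set(registry_meta.get("required_env", []))
    return sorted(required - declared)


def foreign_hosts(skill_md, registry_meta):
    """Hosts referenced in SKILL.md other than the declared endpoint's host."""
    allowed = urlparse(registry_meta["endpoint"]).hostname
    hosts = {urlparse(u).hostname for u in URL.findall(skill_md)}
    return sorted(h for h in hosts if h and h != allowed)


def review(skill_md, plugin_json, registry_meta):
    """Combine both checks into a verdict: 'concern' if either one fails."""
    missing = undeclared_env_vars(skill_md, plugin_json, registry_meta)
    hosts = foreign_hosts(skill_md, registry_meta)
    return {
        "undeclared_env": missing,
        "foreign_hosts": hosts,
        "verdict": "concern" if (missing or hosts) else "ok",
    }


if __name__ == "__main__":
    print(json.dumps(review(SKILL_MD, PLUGIN_JSON, REGISTRY_META), indent=2))
```

Run against the constructed inputs, `review` reports CHALLANX_API_KEY as undeclared and no foreign hosts, i.e. exactly the "concern" the scanner raised; once the registry record lists the key, the same inputs come back "ok". The host check is only a consistency test between the docs and the listing, not proof that whoever owns challanx.in is who the publisher says; point (2) of the Guidance still has to be settled out of band.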
