Back to skill
Skillv1.0.5
ClawScan security
ArkiTek Relay · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignMar 13, 2026, 11:23 PM
- Verdict
- Benign
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- The skill's requests and instructions are consistent with its stated purpose (connect an agent to ArkiTek via an outbound SSE relay), but it relies on installing an npm package you can't inspect from the bundle and will run code fetched at runtime.
- Guidance
- This skill is coherent for connecting to ArkiTek, but be aware npx will fetch and run code from npm at runtime. Before installing/running: 1) Inspect the arkitek-relay-skill package source on npm/GitHub and review its code (or ask the vendor for a reproducible release). 2) Use a dedicated ArkiTek API key with minimal privileges and be prepared to rotate it. 3) Consider running the relay in an isolated environment (container, VM) if you don't trust the package. 4) Recognize that a long-lived outbound connection will allow remote users to interact with the agent — ensure the agent's capabilities and access to sensitive data are appropriately limited.
Review Dimensions
- Purpose & Capability
- okName/description, required binaries (node, npx), required env var (ARKITEK_API_KEY), and the declared npm install (arkitek-relay-skill) all align with a relay/remote-chat integration. Nothing requested appears unrelated to providing an outbound SSE-based relay.
- Instruction Scope
- okSKILL.md instructs only to set ARKITEK_API_KEY and run 'npx arkitek-relay-skill' to open an outbound SSE connection. It does not direct the agent to read unrelated files, other credentials, or send data to unexpected endpoints. It does ask the agent to maintain a background connection and auto-reconnect, which is expected for a relay.
- Install Mechanism
- noteInstall is via an npm package (arkitek-relay-skill), which is a normal mechanism for Node tooling. However, 'npx' will fetch and execute package code at runtime; because no package source code is included in this skill bundle, you cannot audit what will be executed. This is a moderate installation risk typical of npm installs.
- Credentials
- okOnly a single API key (ARKITEK_API_KEY) is required and is declared as primaryEnv. That is proportional to a cloud relay integration. The SKILL.md does not request other credentials or config paths.
- Persistence & Privilege
- noteThe skill is not always-enabled and does not request system-wide privileges. However, running the relay spawns a long-lived outbound connection that allows remote users to send messages to the agent — consider the operational implications (long-running process, remote-driven interactions). Autonomous invocation is allowed by default (not a unique concern here).