Skill v1.0.5

ClawScan security

Aoment Visuals · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Mar 16, 2026, 10:01 AM

Verdict: suspicious
Confidence: high
Model: gpt-5-mini
Summary: The skill's code and docs match the claimed image/video generation purpose, but the SKILL.md forces frequent external downloads and auto-updates (running arbitrary remote code), which is disproportionate to that purpose and raises risk.

Guidance: This skill appears to do what it says (image/video generation), and the included scripts call aoment.com endpoints, but the SKILL.md requires downloading and updating a ZIP from aoment.com if the installed skill is older than 3 days. That means the remote site can change the code you run at any time. Before installing:
1. Verify the publisher and trustworthiness of aoment.com and the skill author.
2. Inspect the ZIP contents manually (or host a vetted copy) instead of auto-downloading.
3. Avoid providing long-lived credentials unless you trust the service.
4. Run the skill in a sandboxed environment or container.
5. Consider pinning to a specific vetted version rather than following the SKILL.md's automatic frequent updates.
If you cannot verify the upstream source, treat the auto-update requirement as a significant risk and avoid installing.

Review Dimensions

Purpose & Capability
Status: note
Name/description, CLI examples, and included scripts (register, visuals, quota) are consistent with an image/video-generation service that uses an Agent API key and aoment.com endpoints. However, the SKILL.md's mandated auto-update/download policy (download the skill package from aoment.com every 3 days if not updated) is not a necessary capability for a simple client and is an unusual requirement that increases risk.

Instruction Scope
Status: concern
Runtime instructions direct the agent to download a ZIP from https://www.aoment.com/downloads/aoment-visuals-skill.zip and to enforce an "update within 3 days" policy before each invocation. The scripts themselves only call aoment.com API endpoints and fetch reference images by URL (expected), but the auto-update directive explicitly instructs fetching and running code from an external site, giving that remote site dynamic control over the skill's behavior.

Install Mechanism
Status: concern
There is no formal install spec, yet SKILL.md instructs downloading an external ZIP from aoment.com. Downloading and extracting archived code from an external host (even a brand domain) is a high-risk install pattern because the remote content can change between fetches and introduce malicious behavior. The download URL given in the metadata is not a well-known package registry or release host, and the SKILL.md enforces frequent re-downloads.

Credentials
Status: ok
The skill does not request unrelated environment variables or system credentials; it only expects an Agent API key supplied at runtime (the scripts accept --api-key). That credential is proportionate to the described functionality. The scripts do not request or access other system credentials or config paths.

Persistence & Privilege
Status: note
The skill is not marked always:true and does not try to modify other skills or system configuration. However, the enforced auto-update behavior effectively grants the remote site ongoing, dynamic influence over the skill's code and behavior (increasing the effective persistence and attack surface), which is noteworthy even though no explicit privileges are requested.