Skill v1.0.0

ClawScan security

Muse — Creative Content · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Apr 8, 2026, 10:42 PM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill's stated purpose (creative content writing) matches its instructions, but the runtime doc references an external CLI and ETH payments without declaring any required binaries or credentials. That inconsistency should be verified before installing.
Guidance
This skill appears to do what it says (content creation), but the runtime instructions tell the agent to use an external CLI (mltl) to 'hire' agents and list prices in ETH, while the skill declares no required binary and no wallet credentials. Before installing:
1) Ask the publisher what 'mltl' is, whether that CLI will actually be invoked, and whether it requires network access.
2) Confirm how payments are handled and whether any wallet private keys or payment credentials will be needed or stored.
3) If you do not want the agent to make external hires or payments, block autonomous invocation or deny permission to run external commands.
4) Run the skill in a restricted environment, or request more complete metadata (required binaries, endpoints, and credential requirements).
These inconsistencies justify caution.

Review Dimensions

Purpose & Capability
note: Name/description (creative content writer) align with the SKILL.md outputs (blog posts, social copy, newsletters). Nothing in the content suggests it needs broad system access. However, the doc references an external hire flow and ETH pricing that imply payment/network operations not reflected in the declared requirements.
Instruction Scope
concern: SKILL.md tells the agent to run a CLI command (mltl hire --agent 44230 --task ...) and lists prices in ETH. The skill metadata declares no required binaries, no network endpoints, and no credentials. That is an inconsistency: the instructions assume the ability to run an external tool and possibly make payments, but do not declare those runtime needs or which credentials/wallet would be used.
Install Mechanism
ok: This is an instruction-only skill with no install spec and no code files, so there is no install-time code to evaluate. That minimizes on-disk risk.
Credentials
note: The doc references ETH payments (0.002 ETH), but the skill declares no environment variables, wallet keys, or payment credentials. If the agent were to act on the hire command it would likely require a signing wallet or API key; the absence of declared credentials is an unexplained gap.
Persistence & Privilege
ok: Flags show always:false and normal autonomous invocation settings. The skill does not request persistent system privileges or the ability to modify other skills. Autonomous invocation is allowed by default; combined with the CLI/payment mismatch, this increases the importance of verifying runtime behavior before granting permissions.
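The Instruction Scope and Credentials dimensions above both come down to one check: do the things the instructions tell the agent to run or pay for appear in the skill's declared requirements? The script below is an added example of that check, not ClawHub's scanner code. The metadata field names (required_binaries, credentials), the SKILL.md excerpt and the detection heuristics are assumptions constructed for illustration; the mltl hire command and the 0.002 ETH price are the ones this report quotes.

```python
"""Added example: cross-check a skill's instructions against its declared
runtime needs (not ClawHub's own scanner). Field names and the SKILL.md
sample are constructed assumptions; the mltl command and 0.002 ETH price are
the ones quoted in the scan report above."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample: declared metadata as the report describes it (nothing declared).
DECLARED = {"required_binaries": [], "credentials": []}

# Constructed SKILL.md excerpt carrying the two references the report flags.
SKILL_MD = """\
# Muse - Creative Content

Write blog posts, social copy and newsletters for the user.

## Runtime
If a specialist is needed, hire one:

    mltl hire --agent 44230 --task "draft long-form post"

Prices are listed in ETH (typical task: 0.002 ETH).
"""


@dataclass(frozen=True)
class Finding:
    kind: str      # "undeclared_binary" or "undeclared_payment"
    evidence: str  # the text in the instructions that triggered it


# Heuristic: a line the agent is told to run is either indented like a code
# block, prefixed with a "$ " prompt, or inside a ``` fence. First token is the
# binary name. Paragraphs indented by four spaces will false-positive; that is
# acceptable for a review aid that only flags things for a human to confirm.
_CODE_LINE = re.compile(r"^(?:\s{4,}|\t|\s*\$\s+)([A-Za-z][\w.-]*)\b")
_FENCED_CMD = re.compile(r"(?:\$\s+)?([A-Za-z][\w.-]*)\b")
_INLINE_CMD = re.compile(r"`([A-Za-z][\w.-]*)\s+[^`]*`")
# Amounts in common crypto tickers or dollars, e.g. "0.002 ETH", "$5".
_PAYMENT = re.compile(r"\b\d+(?:\.\d+)?\s*(?:ETH|BTC|SOL|USDC|USDT)\b|\$\s?\d+(?:\.\d+)?")


def referenced_binaries(instructions: str) -> dict[str, str]:
    """Map each binary the instructions invoke to the first line invoking it."""
    found: dict[str, str] = {}
    in_fence = False
    for line in instructions.splitlines():
        stripped = line.strip()
        if stripped.startswith("```"):
            in_fence = not in_fence
            continue
        m = _FENCED_CMD.match(stripped) if in_fence else _CODE_LINE.match(line)
        if m:
            found.setdefault(m.group(1), stripped)
        for im in _INLINE_CMD.finditer(line):
            found.setdefault(im.group(1), stripped)
    return found


def payment_references(instructions: str) -> list[str]:
    """Every price or amount the instructions mention."""
    return [m.group(0) for m in _PAYMENT.finditer(instructions)]


def check_skill(instructions: str, declared: dict) -> list[Finding]:
    """Report binaries and payments the instructions rely on but the metadata omits."""
    findings: list[Finding] = []
    declared_bins = set(declared.get("required_binaries", []))
    for binary, line in referenced_binaries(instructions).items():
        if binary not in declared_bins:
            findings.append(Finding("undeclared_binary", f"{binary}: {line}"))
    # A price with no declared wallet/API credential is the Credentials gap above.
    if not declared.get("credentials"):
        for ref in payment_references(instructions):
            findings.append(Finding("undeclared_payment", ref))
    return findings


def verdict(findings: list[Finding]) -> str:
    return "suspicious" if findings else "consistent"


if __name__ == "__main__":
    results = check_skill(SKILL_MD, DECLARED)
    print(verdict(results))
    for f in results:
        print(f"  {f.kind}: {f.evidence}")
```

Run against the constructed excerpt it flags mltl as an undeclared binary and 0.002 ETH as an undeclared payment, which is exactly the mismatch the report describes. Declaring mltl under required_binaries and a wallet credential under credentials clears both findings; that is the "request more complete metadata" outcome from the Guidance, expressed as data the scanner can verify rather than a promise from the publisher.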