Skill v1.0.1
ClawScan security
baize-task-bot · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Mar 12, 2026, 5:03 AM
- Verdict
- suspicious
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- The skill generally matches its described outbound-call purpose, but the package metadata omits required environment variables and the skill will send data to a configurable HTTP endpoint using a token — these inconsistencies and the network-write behavior warrant caution.
- Guidance
- This skill reads local JSON data and will make POST requests to whatever BAIZE_BASE_URL you configure, using BAIZE_TOKEN as the authentication header. Before installing or enabling the skill:
  - Confirm the registry metadata (which currently lists no env vars) and the SKILL.md: the skill requires BAIZE_BASE_URL and BAIZE_TOKEN. Treat BAIZE_TOKEN like any secret — only provide a token with minimal scope and to a trusted endpoint.
  - Review or run the included skill.py locally to ensure the endpoint and request payloads are acceptable. The skill posts JSON to BAIZE_BASE_URL+path and sets header 'token'. If you set BAIZE_BASE_URL to a remote host, the skill can transmit task/line data to that host.
  - Use a non-production token or localhost test endpoint if you want to exercise functionality safely.
  - If you need higher assurance, request the full, untruncated source for manual review to ensure there are no hidden exfiltration paths or unexpected file/OS access.

  If the metadata cannot be corrected to declare the required env vars, treat that as a red flag and consider not installing until fixed.
Review Dimensions
- Purpose & Capability
- concern: The SKILL.md and skill.py clearly require BAIZE_BASE_URL and BAIZE_TOKEN for write operations to the Baize outbound API; however, the registry metadata lists no required environment variables or primary credential. That mismatch is inconsistent and could mislead users about what secrets are needed.
- Instruction Scope
- ok: Query operations operate only on included local JSON files under data/. Write operations call the Baize API. The SKILL.md requires user confirmation before write actions, and it documents the local files used. Instructions do not ask for unrelated system files or credentials beyond the Baize API token.
- Install Mechanism
- ok: No install spec; the skill ships as code and data only. No installers or external downloads were observed in the manifest, which reduces install-time risk.
- Credentials
- concern: The skill needs BAIZE_BASE_URL and BAIZE_TOKEN to perform write operations; this is proportionate to calling an external service. The concern is the registry metadata failing to declare these env vars and credentials, which hides the fact that a secret (BAIZE_TOKEN) is required and will be sent as an HTTP header to a configurable endpoint.
- Persistence & Privilege
- ok: The skill is not always-enabled and does not request elevated platform privileges. It does not install services or modify other skills' configs. It will perform network calls when invoked, which is expected for its purpose.
