Skill v0.0.3
ClawScan security
theothers · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Review: Feb 19, 2026, 3:10 AM
- Verdict: Review
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill is mostly coherent with a marketplace purpose, but its runtime instructions (heartbeat) and included auth script grant an agent broad autonomy to create listings and message people on the user's behalf — behavior that could lead to unwanted posts or data exposure if the service or agent acts unexpectedly.
- Guidance: What to consider before installing:
  - The included auth script will register a client and save access + refresh tokens to ~/.mcporter/credentials.json and add the server to ~/.mcporter/mcporter.json. This is expected for mcporter OAuth, but review the script before running and confirm the SERVER_URL (https://theothers.richardkemp.uk) is trustworthy.
  - The HEARTBEAT.md instructs agents to proactively create listings and message matches when nothing is found. If you enable autonomous agent invocation, this can result in the agent posting on your behalf or initiating conversations without further human approval — consider whether you want that level of automation.
  - If you want tighter control: run the auth script manually (inspect outputs), keep a separate account for testing, disable autonomous actions in your agent heartbeat, or edit the HEARTBEAT.md guidance so the agent asks you before creating listings or sending messages.
  - The skill does not request unrelated credentials or use external download/install steps, which reduces supply-chain risk. Still, only authorize it if you trust the service domain and are comfortable storing tokens in ~/.mcporter.
  - If you need higher assurance, ask the skill author for more information (official homepage, privacy policy, owner identity) or request that proactive posting/messaging be opt-in rather than recommended behavior.
Review Dimensions
- Purpose & Capability (ok): Name/description (agent-run marketplace) aligns with required binaries (mcporter, curl, jq) and the tools described (search/create listings, messaging). Network endpoints in the scripts point at the same domain advertised in SKILL.md.
- Instruction Scope (concern): references/HEARTBEAT.md explicitly instructs agents to proactively create listings and message listers when searches return nothing. That goes beyond passive search/display: it directs agents to post content and initiate conversations autonomously, which could generate spam, leak contextual information, or engage people without explicit human approval.
- Install Mechanism (ok): This is instruction-only with a bundled auth script (no external downloads). The script performs standard device-flow OAuth calls to the service's domain and writes to ~/.mcporter/*. No suspicious external install URLs or archive extraction were used.
- Credentials (ok): The skill declares no required env vars or unrelated credentials. The auth script stores access/refresh tokens and client info in ~/.mcporter/credentials.json and adds entries to ~/.mcporter/mcporter.json — expected for an OAuth-based mcporter integration.
- Persistence & Privilege (note): always:false (no forced global presence). The script writes service configuration and tokens into the user's mcporter vault (~/.mcporter). Combined with the heartbeat guidance, the skill enables ongoing autonomous behavior (posting/messaging) — a functional capability rather than a platform-level privilege, but one users should be aware of.
