Skill v0.1.5

ClawScan security

Rumi · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Feb 11, 2026, 9:17 AM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill's behavior (it expects and stores an apiToken, uses web sign-in, and performs ongoing polling) is coherent with a matchmaking/chat service, but the registry metadata does not declare the credential it clearly requires and the skill has no publicly listed source or homepage — this mismatch and lack of provenance warrant caution.
Guidance
This skill appears to do what it says (match you with human chat partners) and has no installer or code files, which reduces some risk, but there are important red flags to check before installing:
- Inconsistency: The SKILL.md expects an apiToken and setupUrl, but the registry metadata declares no required credentials. Ask the developer or vendor where the apiToken will be stored, which exact environment or config key will hold it, and who can access it.
- Provenance: The skill has no homepage or source listed. Verify the vendor identity and privacy policy. For any service that connects you to humans, you should know its data handling, moderation, and reporting policies.
- setupUrl safety: Before opening the setup link, confirm the domain is legitimate (not a URL shortener or a personal server). Understand which Google sign-in permissions are requested and what the returned token allows (creating sessions, reading messages, impersonating the user?).
- Token lifecycle: Ask whether you can revoke the token, whether the skill stores it encrypted, and whether the skill deletes tokens and sessions on request. Also ask how long message and chat history is retained and where it is stored.
- Minors and safety: SKILL.md references age verification and handling of minors (the text is truncated in the scanned excerpt). Request the full policy on under-18 users and content moderation.
If you decide to proceed: limit permissions where possible, prefer ephemeral tokens if supported, and test with a throwaway account before connecting personal accounts. If the developer cannot clarify the apiToken handling or the identity of the service, treat the skill as higher-risk and do not install it.

Review Dimensions

Purpose & Capability
concern: The name and description match the SKILL.md instructions: this is a people-matching/chat helper. However, SKILL.md repeatedly references an apiToken, a setupUrl and saving the token to plugin configuration, yet the registry metadata declares no required credentials or primaryEnv. The missing declared credential is a notable inconsistency (why declare no env when the runtime needs an apiToken?).
Instruction Scope
note: The instructions stay within the stated purpose: collecting user context, creating a single match session, polling status, and relaying messages. They explicitly warn against duplicate sessions and ask for confirmation before creating a session. The instructions do require saving an apiToken to plugin configuration and opening a web sign-in flow (setupUrl). They do not request arbitrary file or system access in the provided excerpt. The SKILL.md is prescriptive about polling frequency and session management, which is normal for this type of integration.
Install Mechanism
ok: No install spec and no code files; the skill is instruction-only. That lowers the risk of arbitrary code being dropped on disk. Network calls and token storage are still part of the runtime surface, but there is no installer to evaluate.
Credentials
concern: The skill clearly needs an API token (the setup flow and the error condition both mention apiToken and setupUrl), yet the registry lists no required env vars or primary credential. That omission is disproportionate and important: users need to know what secret will be stored and how it will be used. No other unrelated credentials are requested in SKILL.md, which is appropriate, but the absent declaration of the apiToken is the main issue.
Persistence & Privilege
ok: The always flag is false and the skill does not request system-wide persistence. It instructs saving the apiToken to the plugin configuration (its own config), which is normal behavior for services that need tokens. There is no instruction to modify other skills or global agent settings in the provided text.
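The credential mismatch flagged under Purpose & Capability and Credentials, and the always-flag check under Persistence & Privilege, are mechanical comparisons between what SKILL.md relies on at runtime and what the registry metadata declares. The Python below is an added illustration written for this page, not ClawScan's own code and not the skill's: it runs that comparison over a constructed SKILL.md excerpt and constructed metadata. The field names primaryEnv and always come from the report above; requiredEnv, homepage and source, the regexes, and the sample text are assumptions.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed SKILL.md excerpt modelled on what the scan report describes
# (an apiToken saved to plugin configuration, a setupUrl sign-in flow, polling).
# It is NOT the real skill's SKILL.md.
SKILL_MD = """\
# Rumi

Match the user with a human chat partner.

## Setup
1. Open the setupUrl and complete Google sign-in.
2. Save the returned apiToken to the plugin configuration.

## Runtime
- If no apiToken is configured, stop and tell the user to run setup.
- Ask for confirmation, create one match session, then poll its status.
"""

# Constructed registry metadata. `primaryEnv` and `always` are named in the scan
# report; `requiredEnv`, `homepage` and `source` are assumed field names.
REGISTRY_METADATA = {
    "name": "rumi",
    "version": "0.1.5",
    "requiredEnv": [],
    "primaryEnv": None,
    "always": False,
    "homepage": None,
    "source": None,
}

# Identifiers that mean "a secret is needed" / "the user is sent to a sign-in page".
CREDENTIAL_RE = re.compile(
    r"\b(api[_-]?token|api[_-]?key|access[_-]?token|secret[_-]?key|password)\b", re.I)
SIGNIN_URL_RE = re.compile(r"\b(setup[_-]?url|login[_-]?url|auth[_-]?url)\b", re.I)


@dataclass
class Finding:
    severity: str   # "concern" or "note", mirroring the report's labels
    message: str


def _norm(name: str) -> str:
    """Compare names on alphanumerics only, so apiToken == API_TOKEN == api-token."""
    return re.sub(r"[^a-z0-9]", "", name.lower())


def referenced_credentials(skill_md: str) -> set[str]:
    """Credential-like identifiers the instructions rely on at runtime."""
    return {_norm(m.group(1)) for m in CREDENTIAL_RE.finditer(skill_md)}


def declared_credentials(meta: dict) -> set[str]:
    """Credentials the registry metadata actually declares."""
    declared = {_norm(e) for e in (meta.get("requiredEnv") or [])}
    if meta.get("primaryEnv"):
        declared.add(_norm(meta["primaryEnv"]))
    return declared


def check_skill(skill_md: str, meta: dict) -> list[Finding]:
    findings: list[Finding] = []

    # A credential the instructions need but the registry never declares.
    undeclared = referenced_credentials(skill_md) - declared_credentials(meta)
    if undeclared:
        findings.append(Finding("concern",
            f"SKILL.md relies on {sorted(undeclared)} but the registry declares "
            f"{sorted(declared_credentials(meta)) or 'no credentials'}"))

    # A sign-in URL with no homepage/source to check the vendor against.
    if SIGNIN_URL_RE.search(skill_md) and not (meta.get("homepage") or meta.get("source")):
        findings.append(Finding("concern",
            "SKILL.md sends the user to a sign-in URL but the registry lists no "
            "homepage or source to verify the vendor against"))

    # Always-on activation widens the persistence surface; only a note here.
    if meta.get("always"):
        findings.append(Finding("note", "skill asks to be always active"))

    return findings


if __name__ == "__main__":
    for f in check_skill(SKILL_MD, REGISTRY_METADATA):
        print(f"{f.severity}: {f.message}")
```

Run against the constructed inputs it reports the two concerns the scan above raises (an undeclared apiToken and a sign-in URL with no provenance); declaring primaryEnv and a homepage in the metadata clears both, which is the fix the Guidance asks the developer for.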