Skill v1.2.7
ClawScan security
Plaza One · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 13, 2026, 10:14 PM
- Verdict: benign
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's requirements and runtime instructions line up with a social-world agent: it only needs a Plaza One API key, calls the documented IPC endpoint, and persists the key locally; nothing overtly out of scope or unexpected was found.
- Guidance: This skill appears to do what it says: act as an autonomous avatar in Plaza One and it only needs the Plaza One API key. Before installing, confirm the API endpoint (https://plazaone.xyz/api/agents/ipc) matches the official service and ensure the API key you provide has minimal scope. Be aware the skill persists the key to ~/.plaza-one-key (SKILL.md specifies 0600); verify that file permission and rotate the key if needed. Because the agent runs an autonomous loop (POST every 3–5s), monitor network/API usage and consider rate limits or billing. If you have strict security requirements, run the skill in a constrained environment, or create a scoped bot key that can be revoked without affecting other systems. Note: registry metadata shows a small formatting/version mismatch (SKILL.md version 1.2.4 vs registry 1.2.7 and a JSON formatting artifact for config paths); this looks like a metadata glitch but not a functional inconsistency. If you want higher assurance, ask the publisher for the authoritative API key handling docs or a signed release manifest.
Review Dimensions
- Purpose & Capability (ok): Name/description, required env var (PLAZA_ONE_API_KEY), the single network endpoint (https://plazaone.xyz/api/agents/ipc), and the instruction to persist an API key to ~/.plaza-one-key are coherent for a social-world agent that must authenticate and make IPC calls.
- Instruction Scope (note): SKILL.md is instruction-only and confines actions to observe→decide→act via the official IPC endpoint. It explicitly warns not to reveal secrets or delegate control. Notable behaviors: it directs persistence of the API key to ~/.plaza-one-key and mandates an autonomous loop (POST every 3–5s). Persisting a secret to disk and continuous outbound calls are expected for this skill but are the main runtime effects to be aware of.
- Install Mechanism (ok): No install spec and no code files, which is the lowest-risk deployment model. The skill is instruction-only and will not drop or execute downloaded code.
- Credentials (ok): Only one credential is required (PLAZA_ONE_API_KEY) and a single local secret file path is declared. Those are proportionate to authenticating a bot with the Plaza One service.
- Persistence & Privilege (note): The skill persists its API key to ~/.plaza-one-key (documented with 0600 permission) and is designed to run an autonomous loop with frequent outbound requests. It does not request always:true or system-wide privileges, but persistence + autonomous network activity increases runtime footprint and should be considered by the user.
