Skill v2.0.0

ClawScan security

super-search · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Mar 7, 2026, 3:05 AM
Verdict
suspicious
Confidence
high
Model
gpt-5-mini
Summary
The skill's description, declared requirements, and runtime instructions are inconsistent — the SKILL.md expects API keys and mentions web_fetch but the registry metadata lists no required environment variables and the declared search providers don't match the implementation.
Guidance
This skill has clear mismatches between its manifest and its runtime instructions. Before installing:
1) Ask the publisher to update the registry metadata to list the required environment variables (TAVILY_API_KEY, BRAVE_SEARCH_API_KEY) and to explain how API keys are used and stored.
2) Request concrete commands or examples for DuckDuckGo/Google if those providers are part of the advertised scope.
3) Confirm whether the agent will persist any keys/config or where DEFAULT_* values are stored; never paste secrets into a public skill.
4) Consider privacy: the skill's web_fetch step retrieves full page content from top URLs and could collect personal or sensitive data — verify acceptable data handling.
If the author cannot justify the mismatches or provide a trusted homepage/repository, treat the skill cautiously and avoid supplying API keys.

Review Dimensions

Purpose & Capability
Concern: The skill description claims searches across Tavily, Brave, DuckDuckGo, and Google, but the SKILL.md only provides concrete commands for Tavily and Brave (no DuckDuckGo or Google calls). Registry metadata lists no required environment variables, yet SKILL.md requires TAVILY_API_KEY and BRAVE_SEARCH_API_KEY. These mismatches indicate the declared purpose and the actual implementation are not aligned.
Instruction Scope
Note: Runtime instructions direct the agent to run web requests (curl examples) and to use an agent tool 'web_fetch' to retrieve full content of top URLs for consolidation. Fetching full page content is reasonable for an aggregator, but it broadens scope (could pull private/embedded data). SKILL.md also references local configuration variables (DEFAULT_CITY/STATE/COUNTRY) and warns 'do not expose in a public skill' (original: 'não expor em skill pública'), which is odd for an instruction-only skill and suggests unclear handling of configuration/secret exposure.
Install Mechanism
OK: No install spec and no code files beyond package.json and SKILL.md. Instruction-only skills are lower risk because nothing is written to disk by an installer.
Credentials
Concern: SKILL.md requires TAVILY_API_KEY and BRAVE_SEARCH_API_KEY (and suggests DEFAULT_* vars), but the registry metadata declares no required environment variables or primary credential. Requesting API keys for the two search services would be proportionate if declared; the omission in metadata is a coherence problem and prevents proper permission review. Also, the note 'do not expose in a public skill' (original: 'não expor em skill pública') for DEFAULT_* suggests uncertainty about what should be secret.
Persistence & Privilege
OK: Skill is not always-enabled and does not request persistent/privileged installation. It is user-invocable and can be invoked autonomously by the agent (the platform default), which is normal.