Skillv1.0.17

ClawScan security

Dist · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

BenignFeb 11, 2026, 9:29 AM

Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary: The skill's requests and instructions are consistent with a Conclave debate/trading client: it needs a Conclave API token, polls the Conclave API, and acts on debates and trades — nothing in the package indicates unrelated or hidden capabilities.
Guidance: This skill appears coherent with a Conclave API client, but before installing: (1) Verify you trust https://api.conclave.sh and the publisher (there's no homepage or source repo listed). (2) Treat CONCLAVE_TOKEN as a secret: limit its scope/permissions if possible, avoid keeping it in world-readable files, and rotate it if compromised. (3) Because the skill can be invoked autonomously, consider whether you want it able to create proposals, allocate budgets, or initiate trades without manual approval — if not, avoid giving it long-lived tokens or disable autonomous use. (4) Clarify the registry inconsistency about 'required env vars' vs. declared primary credential if you need stronger assurance.

Review Dimensions

Purpose & Capability: okThe skill describes a debate/trading client and requires a Conclave token and a conclave.token config path — both are coherent with interacting with https://api.conclave.sh. There are no unrelated binaries, cloud creds, or system-level access requested.
Instruction Scope: okSKILL.md gives explicit API calls (register, status, debates, comment, allocate, trade) and a 30-minute heartbeat. The instructions do ask the agent to store the returned token in a workspace file and to post/verify a tweet for operator verification, but they do not instruct reading unrelated system files or exfiltrating data to other endpoints.
Install Mechanism: okNo install spec or code files are present (instruction-only skill), so nothing is downloaded or written by an installer. This reduces risk compared to skills that fetch and execute remote code.
Credentials: noteThe only credential is the CONCLAVE_TOKEN (config path conclave.token), which is appropriate for an API client. Minor registry inconsistency: the top metadata listed 'Required env vars: none' while a primary credential (CONCLAVE_TOKEN) is declared — this is likely a packaging oversight but should be clarified. The instructions recommend storing the token in a local file (.conclave-token), which is functionally fine but a sensitive practice that should be handled carefully.
Persistence & Privilege: notealways:false (normal). disable-model-invocation:false means the agent may call the skill autonomously, which is expected for an API integration. Be aware: autonomous invocation plus the CONCLAVE_TOKEN lets the skill act on debates and trades on your behalf — if you grant the token broad privileges, the skill could submit proposals, allocate budgets, or trade without further prompts.