Skillv1.0.0

ClawScan security

Raysurfer Code Caching · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousFeb 11, 2026, 9:11 AM

Verdict: suspicious
Confidence: high
Model: gpt-5-mini
Summary: The skill implements the claimed code-caching functionality, but its metadata omits the required API credential and the runtime instructions and scripts allow uploading conversation or local code to an external service (possible sensitive-data exfiltration), so review before installing.
Guidance: What to check before installing/using this skill: - The SKILL.md and scripts require RAYSURFER_API_KEY even though the registry lists no required env vars — do not set a privileged or organization-wide API key until you confirm what the key can access. - This skill will POST full file contents to https://api.raysurfer.com for uploads and may upload code from the conversation if invoked with the `upload` argument — avoid uploading proprietary, secret, or regulated code. Prefer using a restricted test key or disabling uploads until you audit it. - Confirm the service (api.raysurfer.com) is the legitimate endpoint and review Raysurfer's privacy/security policy and retention rules (how long uploaded code is stored, who can access it, whether it is shared/public). - If you plan to use it, require explicit user confirmation before any upload: modify the skill so the agent prompts and shows the exact file contents that will be uploaded rather than uploading automatically. - Fix the metadata: the skill should declare RAYSURFER_API_KEY as a required environment variable/primary credential so policy/permission tooling can surface it to admins. - Consider removing or disabling the "public snippets" header option if you want to avoid license/copyright issues, and prefer reviewing matched code before writing it to disk. If you cannot verify the endpoint, data retention, and appropriate API key scope, treat this skill as higher-risk and do not use it with sensitive code.

Review Dimensions

Purpose & Capability: concernName/description (cache and reuse code) match the included scripts and API endpoints (search/upload/vote against https://api.raysurfer.com). However, registry metadata lists no required environment variables while SKILL.md and all helper scripts clearly require RAYSURFER_API_KEY — a metadata inconsistency that should be resolved before trust.
Instruction Scope: concernSKILL.md tightly describes search → use/generate → vote → upload flow which is consistent with the purpose. But it also instructs uploading the "most recently generated code in the conversation" and includes runnable scripts that read and POST file contents — behavior that can transmit local or conversational code (potentially sensitive or proprietary) to an external API. It also suggests enabling public snippet crawling (X-Raysurfer-Public-Snips: true), which may raise license/copyright concerns.
Install Mechanism: okThere is no remote install step or download URL — the skill is instruction+script-only and uses standard curl/urllib/fetch calls. No extract/download-from-untrusted-host behavior was found.
Credentials: concernRuntime requires a single Bearer token (RAYSURFER_API_KEY) according to SKILL.md and all scripts, but the registry metadata lists no required env vars or primary credential — this mismatch is problematic. Requesting one API key is proportionate for the stated service, but the omission in metadata and the scripts' ability to upload arbitrary file content elevate the risk if a privileged key is used.
Persistence & Privilege: okThe skill does not request always:true, does not modify other skills or system config, and has no install-time persistence. The main risk is not privilege escalation but data exfiltration via normal upload calls (user-invocation or agent-invocation can trigger uploads).