Skill v0.1.3
ClawScan security
Cloak · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 14, 2026, 8:19 PM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's instructions, required tools, and behavior are coherent with its stated purpose (creating and retrieving one-time secrets via cloak.opsy.sh) and it does not request unrelated credentials or install code.
- Guidance: This skill is internally consistent and does what it says: it guides the agent to create and fetch one-time secrets from https://cloak.opsy.sh using curl and jq. Before using it, confirm you trust the Cloak service (privacy, retention, and TLS practices) because secrets fetched by the agent will reside in the agent runtime (env vars or files) and could be exposed in logs or by other agent actions. Never paste full secret values into chat; share only the one-time URL as intended and prefer short TTLs and revocation when possible. If you want to prevent autonomous retrieval of secrets by the agent, disable autonomous invocation for this skill or avoid giving the agent secret links. If you need higher assurance, review the service's documentation or host a self-managed equivalent.
Review Dimensions
- Purpose & Capability (ok): Name/description (one-time secret sharing) match the runtime instructions: curl/jq commands to POST secrets, retrieve with X-Cloak-Key, and delete. Required binaries (curl, jq) are appropriate and proportional.
- Instruction Scope (ok): SKILL.md only directs the agent to interact with https://cloak.opsy.sh endpoints and to write retrieved secrets directly to a destination (env var or file). It explicitly prohibits echoing secrets into conversation. There are no instructions to read unrelated files, other env vars, or to transmit secrets to other endpoints.
- Install Mechanism (ok): Instruction-only skill with no install spec and no code files — nothing is dropped to disk and no external packages are fetched. This is lowest-risk from an install perspective.
- Credentials (ok): The skill requests no environment variables, credentials, or config paths. The actions it requires (making HTTPS requests and piping output through jq) do not need additional secrets from the runtime beyond the one-time secret provided by the user/link.
- Persistence & Privilege (note): `always` is false and there is no install or persistent configuration. The skill allows autonomous model invocation (`disable-model-invocation` is false) — this is the platform default. Be aware: if the agent receives a valid Cloak URL/key, it could autonomously retrieve that secret into its runtime environment; this behavior is consistent with the skill's purpose but is a privacy/operational risk to consider.
