Skillv1.1.0

ClawScan security

Mixtiles It · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

BenignFeb 17, 2026, 8:51 PM

Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary: The skill's code and instructions match its stated purpose (upload images to Cloudinary and return a Mixtiles cart link); no unrelated credentials or opaque installs are requested, but it will upload user images to external hosting (Cloudinary) which has privacy implications and it calls the external curl binary which is not declared.
Guidance: This skill appears to do what it says, but review these practical points before installing: - Privacy: by default the script uploads images to a public Cloudinary 'demo' account (unsigned preset). Uploaded images become publicly accessible via their URLs. If this is sensitive content, do not use the default — configure your own Cloudinary credentials/preset or avoid the skill. - Dependencies: the Python script calls curl via subprocess; ensure curl is available on systems that will run the agent, or modify the script to use Python HTTP libraries if preferred. - Custom upload endpoint: the script accepts MIXTILES_UPLOAD_URL and MIXTILES_UPLOAD_KEY env vars; only set these to trusted endpoints, since they will receive your image data. - Network usage: the skill performs outbound network requests (downloading image URLs and uploading to Cloudinary). If you need to restrict network access for the agent, do so before enabling the skill. - Audit: if you have strong privacy or security requirements, consider reviewing or running the script in a sandboxed environment and/or replacing the Cloudinary defaults with your own account and unsigned preset settings.

Review Dimensions

Purpose & Capability: okName/description, SKILL.md, and the included Python script are coherent: they accept local files or URLs, upload images to Cloudinary (or an optional Railway API), and build Mixtiles cart URLs. Environment variables exposed in SKILL.md (Cloudinary and optional Railway overrides) are relevant to the task.
Instruction Scope: noteInstructions are scoped to locating an image, running the provided script, and returning the cart URL. The script downloads remote images, writes a temp file, and uploads them to external hosts (Cloudinary or configured upload endpoint). The script includes SSRF protections (hostname/IP checks) but will still transmit user image data to third-party services, which is expected for this purpose but has privacy implications.
Install Mechanism: noteThere is no install spec (instruction-only), and no external code is downloaded at install time. The script invokes curl via subprocess.run for uploads; SKILL.md does not declare curl as a required binary. This increases the chance of runtime failures and is a minor operational omission rather than a coherence issue.
Credentials: noteNo required credentials are declared. Optional env vars (CLOUDINARY_CLOUD, CLOUDINARY_PRESET, MIXTILES_UPLOAD_URL, MIXTILES_UPLOAD_KEY) align with the functionality. Important privacy note: defaults use Cloudinary 'demo' and an unsigned preset, producing public URLs — user images become publicly addressable unless you configure your own Cloudinary account/preset or a private upload endpoint.
Persistence & Privilege: okThe skill does not request persistent 'always' inclusion, does not modify other skills or system-wide agent settings, and does not store credentials by itself. It runs on-demand when invoked.