Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Snyk Agent Scan Compliance
v1.0.0 · Compliance expert for snyk-agent-scan — the agent skill file scanner — NOT for other Snyk CLI tools (snyk test, snyk code SAST, snyk iac, snyk container). Fi...
by Samuel Berthe (@samber)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan (OpenClaw): Suspicious, high confidence
Purpose & Capability
The skill's stated purpose (helping authors remediate snyk-agent-scan alerts) aligns with the install of the snyk-agent-scan tool (uv package). Requiring the snyk-agent-scan binary is coherent. However, the SKILL.md explicitly shows running the scanner with SNYK_TOKEN=<token> (and recommends storing it as a CI secret), yet the skill metadata lists no required environment variables or primary credential. That omission is inconsistent and unexplained.
Instruction Scope
The SKILL.md instructs running snyk-agent-scan (examples: `SNYK_TOKEN=<token> snyk-agent-scan --skills ...`) and tells users to store SNYK_TOKEN as a CI secret. Because there are no code files, the prose is the runtime surface — and it explicitly requires a secret but the manifest doesn't declare it. Otherwise the instructions stay within the stated domain (rewriting skill bodies to avoid W001/W011/W012), and they do not instruct reading unrelated local files or exfiltrating arbitrary data.
Install Mechanism
Install uses a uv package entry for snyk-agent-scan (kind: uv, package: snyk-agent-scan) which is proportionate to the tool's purpose. UV installs are a network fetch of a package; that's expected for a CLI helper. No arbitrary direct-download or extract-from-untrusted-URL patterns are present in the install spec.
Credentials
The SKILL.md clearly requires a SNYK_TOKEN to run the scanner and gives examples using it, but the skill's declared requirements list no environment variables or primary credential. A scanner token is a sensitive secret; the skill should declare it (primaryEnv or requires.env) and justify scope. As written, there is a mismatch between declared and actual secret needs.
Persistence & Privilege
The skill does not request always:true and does not ask to modify other skills or system settings. Allowed-tools are broad but consistent with an authoring/compliance helper. There is no evidence the skill requests permanent elevated presence.
What to consider before installing
This skill appears to do what it says (help authors fix snyk-agent-scan alerts) and installs the snyk-agent-scan CLI, but there is an important inconsistency: the runtime examples require a SNYK_TOKEN secret yet the skill metadata declares no required env vars or primary credential. Before installing, confirm you trust the source of the snyk-agent-scan uv package and ask the publisher to (a) declare the SNYK_TOKEN in the manifest so you can review its scope, or (b) update docs to explain the token's required permissions and how it will be used. Treat the SNYK_TOKEN as sensitive — only provide it via CI secrets or a limited-scope token in a sandboxed environment. Finally, because this is an instruction-only skill (no code files), the SKILL.md is the full runtime surface: review the prose for any additional commands you would not want executed by an autonomous agent and test the skill in an isolated environment first.
Runtime requirements: Clawdis
Install (uv) · Bins: snyk-agent-scan
uv tool install snyk-agent-scan