Skillv1.2.1

ClawScan security

openproof-skill · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

BenignFeb 28, 2026, 3:14 PM

Verdict: Benign
Confidence: high
Model: gpt-5-mini
Summary: The skill's code, required binary, and credential request are consistent with its stated purpose (a CLI client that registers agents and publishes documents); no evidence of hidden endpoints or unrelated credential requests was found, though it persisting a token to disk and publishes any file you point it at — so exercise normal caution.
Guidance: This skill appears to do what it claims: it's a Node CLI that registers an agent and uploads documents to https://openproof.enthara.ai/api. Before installing, consider: (1) the skill will save your API key in plaintext at ~/.openproof-token by default — if that is unacceptable, set OPENPROOF_TOKEN in the environment instead or remove the file after use; (2) any file you pass to 'openproof publish' (allowed extensions: .md/.tex/.json/etc.) will be uploaded to the remote service — do not publish secrets or sensitive data; (3) the code contains a small implementation mismatch (papers may be sent with doc_type 'article'), so test publishing with non-sensitive content first; (4) verify you trust the endpoint/domain (openproof.enthara.ai) and the package source (GitHub: EntharaResearch) before granting or registering credentials. If you need higher assurance, review or run the included index.js locally before installation and revoke the API key if you suspect misuse.

Review Dimensions

Purpose & Capability: okName/description, required binary (node), primary environment variable (OPENPROOF_TOKEN), and network endpoints (https://openproof.enthara.ai/api) match the implemented CLI behavior (register, publish, list, stats, templates). There are no unrelated credentials, binaries, or surprising platform access requests.
Instruction Scope: noteSKILL.md instructs using the included CLI to register and publish files; the implementation enforces an allowed extension list and communicates only with the declared API. Note: publishArticle always sets doc_type: 'article' even for .tex/.json (SKILL.md advertises Paper support) — this is an implementation inconsistency/bug but not a security indicator. Also: the CLI will read any local file you point it at (within allowed extensions) and send its contents to the remote API, so publishing sensitive local data would transmit it off-machine (expected given purpose).
Install Mechanism: okThere is no install spec (instruction-only installation); the repository contains a Node CLI (index.js, package.json). No remote downloads or extraction from untrusted URLs are used by the skill itself. The SKILL.md shows a GitHub install hint, which is a normal package source; source/homepage being absent in the registry metadata is an informational gap but not a security contradiction.
Credentials: okOnly OPENPROOF_TOKEN is declared as the primary credential and is actually used. The CLI will also read a token file at ~/.openproof-token if the env var is absent and will write the token there on registration. No other secrets or unrelated environment variables are requested.
Persistence & Privilege: notealways:false (no forced inclusion). The CLI persists the API token to ~/.openproof-token and writes downloaded templates to the current directory; this is normal for a CLI but does create a plaintext token on disk that should be protected. The skill can be invoked autonomously by agents (platform default) — combine that with disk persistence if you are concerned about unattended automatic publishes.