Grazer
Security checks across static analysis, malware telemetry, and agentic risk
Overview
Grazer is not clearly malicious, but it advertises autonomous public engagement and multi-service account/token use without clear approval, scope, or stopping controls.
Review carefully before installing. Verify the external packages and source code, use least-privilege or read-only tokens where possible, and do not enable auto-responses, autonomous loops, training, posting, or publishing unless you have clear approval controls and can monitor or stop the activity.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
No VirusTotal findings for this skill version.
- Malicious: 0
- Suspicious: 0
- Harmless: 0
- Undetected: 64
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If implemented as described, the skill could keep engaging with public platforms beyond a single user request.
The skill advertises ongoing autonomous activity across platforms, but the artifacts do not define explicit activation, stopping conditions, rate limits, approval gates, or containment.
**Autonomous Loop**: Continuous discovery, filtering, and engagement
Only use it with explicit start/stop controls, logging, rate limits, and per-action approval for any public engagement.
The agent could create public posts or other public-facing actions under the user's accounts if credentials are provided.
The documentation includes account write actions such as posting to 4claw, and elsewhere advertises auto-responses and publishing skills, without defining user review or approval requirements.
client.post_fourclaw("b", "Thread Title", "Content", image_prompt="cyberpunk terminal")
Use read-only mode by default, require confirmation before posts or publishes, and restrict tokens to the minimum write permissions needed.
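The controls recommended above (a kill switch, read-only by default, a rate limit, per-action approval, and an audit log) can be put in front of a posting client rather than trusted to the skill's own loop. The following is an added example written for this review, not code from Grazer or from the ClawHub artifact: the `StandInClient` only records calls, its `post_fourclaw` signature is copied from the documentation snippet above, and the `GatedClient` wrapper, its approval callback, and the `demo()` driver are assumptions introduced here to show the gating logic.

```python
import time
from collections import deque
from typing import Callable, Deque, Dict, List, Optional


class StandInClient:
    """Stand-in for the skill's posting client (assumption: the real client is
    not part of the reviewed artifact). It only records what would be posted."""

    def __init__(self) -> None:
        self.posted: List[Dict] = []

    def post_fourclaw(self, board: str, title: str, content: str,
                      image_prompt: Optional[str] = None) -> str:
        self.posted.append({"board": board, "title": title,
                            "content": content, "image_prompt": image_prompt})
        return f"post-{len(self.posted)}"


class GatedClient:
    """Wraps a client so every public write passes, in order: the kill switch,
    read-only mode, a sliding-window rate limit, and a per-action approval
    callback. Every attempt, allowed or blocked, lands in the audit log."""

    def __init__(self, client, approve: Callable[[Dict], bool],
                 max_per_window: int, window_s: float, read_only: bool = True,
                 clock: Callable[[], float] = time.monotonic) -> None:
        self.client = client
        self.approve = approve          # human (or policy) decision per action
        self.max_per_window = max_per_window
        self.window_s = window_s
        self.read_only = read_only      # default: no writes at all
        self.clock = clock              # injectable for deterministic tests
        self.enabled = True
        self._sent: Deque[float] = deque()
        self.audit: List[Dict] = []

    def stop(self) -> None:
        """Kill switch: nothing is written until an operator re-enables it."""
        self.enabled = False

    def _gate(self, action: Dict) -> str:
        if not self.enabled:
            return "blocked:stopped"
        if self.read_only:
            return "blocked:read_only"
        now = self.clock()
        while self._sent and now - self._sent[0] >= self.window_s:
            self._sent.popleft()        # drop sends outside the window
        if len(self._sent) >= self.max_per_window:
            return "blocked:rate_limit"
        if not self.approve(action):
            return "blocked:not_approved"
        return "allowed"

    def post_fourclaw(self, board: str, title: str, content: str,
                      image_prompt: Optional[str] = None) -> Optional[str]:
        action = {"action": "post_fourclaw", "board": board, "title": title,
                  "content": content, "image_prompt": image_prompt}
        verdict = self._gate(action)
        post_id = None
        if verdict == "allowed":
            post_id = self.client.post_fourclaw(board, title, content,
                                                image_prompt=image_prompt)
            self._sent.append(self.clock())
            verdict = "posted"
        self.audit.append({**action, "result": verdict, "post_id": post_id})
        return post_id


def demo() -> List[str]:
    """Drive the gate with a fixed clock and an approver that rejects one
    title; returns the audit verdicts in order."""
    t = [0.0]
    clock = lambda: t[0]
    approve = lambda a: a["title"] != "Spam"
    gate = GatedClient(StandInClient(), approve, max_per_window=2,
                       window_s=60, read_only=True, clock=clock)
    gate.post_fourclaw("b", "Thread Title", "Content",
                       image_prompt="cyberpunk terminal")   # read-only default
    gate.read_only = False                                  # operator opt-in
    gate.post_fourclaw("b", "Thread Title", "Content")      # posted
    gate.post_fourclaw("b", "Spam", "Content")              # approver rejects
    gate.post_fourclaw("b", "Second", "Content")            # posted (2 in window)
    gate.post_fourclaw("b", "Third", "Content")             # rate limit hit
    t[0] = 61.0                                             # window expires
    gate.post_fourclaw("b", "Fourth", "Content")            # posted again
    gate.stop()
    gate.post_fourclaw("b", "Fifth", "Content")             # kill switch
    return [entry["result"] for entry in gate.audit]
```

The order of the checks matters: a stopped or read-only client never reaches the approver, so an attacker who can influence the approval path (for example through content the agent reads) still cannot post once the operator has stopped it, and rejected actions never consume rate-limit budget.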
Providing broad tokens could let the skill act across several accounts or registries if the installed package supports those actions.
The skill asks users to configure multiple service credentials, including a ClawHub token, while the registry metadata declares no primary credential or required config path and does not specify credential scopes.
"bottube": {"api_key": "your_bottube_key"}, ... "fourclaw": {"api_key": "clawchan_..."}, "clawhub": {"token": "clh_..."}
Use least-privilege, separate tokens; avoid write-capable tokens unless necessary; and verify exactly which APIs and scopes the installed package uses.
External conversations or malicious content could shape future automated responses if training memory is reused without controls.
The skill advertises learning from interactions over time, but the artifacts do not explain what is stored, how long it is retained, how it is reset, or how untrusted platform content is prevented from influencing future behavior.
**Agent Training**: Learn from interactions and improve engagement over time
Require clear memory storage, retention, reset, and review controls before enabling training or long-term learning.
Installing from those package managers would run code that is outside the provided artifact set.
The provided registry artifact is instruction-only with no code files or install spec, so these external package sources were not reviewed by the supplied static scan.
npm install grazer-skill ... pip install grazer-skill ... brew tap Scottcjn/grazer && brew install grazer
Verify the package provenance, source repository, version, and checksums before installing.
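Two checks a reviewer can run on the fetched package before `npm install` executes anything: whether the manifest declares scripts that npm runs at install time, and whether the tarball matches an integrity value recorded in a lockfile or published by the project. The following is an added example written for this review, not code from Grazer or its published packages: the `package.json` and tarball bytes are constructed stand-ins (the real manifest of `grazer-skill` was not available to this scan), and the helper names are assumptions introduced here. The integrity format (`sha512-` followed by the base64 raw digest) is the Subresource Integrity form npm writes to `package-lock.json`.

```python
import base64
import hashlib
import hmac
import json
from typing import Dict, List

# Scripts npm executes while installing a dependency. "prepare" is included
# because npm also runs it when a package is installed from a git URL.
INSTALL_TIME_SCRIPTS = ("preinstall", "install", "postinstall", "prepare")

# Constructed manifest, NOT the real grazer-skill package.json. It stands in
# for what `npm pack <name>` followed by extracting the .tgz would give you.
SAMPLE_PACKAGE_JSON = json.dumps({
    "name": "example-skill",
    "version": "1.0.0",
    "scripts": {
        "test": "jest",
        "postinstall": "node ./scripts/setup.js",
    },
    "dependencies": {"left-pad": "^1.3.0"},
})

# Constructed bytes standing in for a downloaded tarball; real use reads the file.
SAMPLE_TARBALL = b"not a real tarball, just bytes to hash"


def install_time_scripts(package_json: str) -> List[str]:
    """Return the manifest scripts that would run during `npm install`.
    A non-empty result means code executes before you have read it."""
    manifest = json.loads(package_json)
    scripts = manifest.get("scripts") or {}
    return [name for name in INSTALL_TIME_SCRIPTS if name in scripts]


def sri_sha512(tarball: bytes) -> str:
    """Integrity string in the form npm records in package-lock.json."""
    digest = hashlib.sha512(tarball).digest()
    return "sha512-" + base64.b64encode(digest).decode("ascii")


def integrity_matches(tarball: bytes, expected: str) -> bool:
    """Compare the tarball against a trusted integrity value. Only sha512 is
    accepted here; weaker algorithms in an SRI string are rejected outright."""
    algo, _, _ = expected.partition("-")
    if algo != "sha512":
        return False
    return hmac.compare_digest(sri_sha512(tarball), expected)


def check_package(package_json: str, tarball: bytes,
                  expected_integrity: str) -> Dict[str, object]:
    """One verdict a reviewer can log before deciding to install."""
    scripts = install_time_scripts(package_json)
    ok_hash = integrity_matches(tarball, expected_integrity)
    return {
        "install_scripts": scripts,
        "integrity_ok": ok_hash,
        # A matching hash only proves you got the bytes you expected; install
        # scripts still need to be read, so they block the automatic verdict.
        "safe_to_install": ok_hash and not scripts,
    }
```

A matching integrity value does not make a package trustworthy; it only tells you the bytes are the ones you decided to review. The same two questions apply to `pip install grazer-skill` (pip supports `--require-hashes` for the integrity side) and to the Homebrew tap, whose formula is itself code fetched from the tap repository.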
A user might over-trust the skill because the documentation makes safety claims that this review cannot validate.
These security claims may be true for the external project, but the supplied ClawHub artifact contains no code and the registry source is listed as unknown, so the claims are not verifiable from the provided scan context.
- **No arbitrary code execution** — all logic is auditable Python/TypeScript
- **Source available** — full source on GitHub for audit
Do not rely on the documentation alone; inspect the external source and package contents before granting credentials or write access.
