Skill v0.1.3
ClawScan security
Agent Hotline · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 8, 2026, 3:52 PM
- Verdict
- benign
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- The skill's files and instructions are coherent with a cross-machine agent-messaging tool; it uses an npm-installed CLI and a local config file for auth, but you should review the package and be cautious about connecting to the public relay or letting the tool modify your coding-tool integrations.
- Guidance
- This skill appears to be what it claims (a CLI/REST messaging tool). Before installing: (1) review the agent-hotline npm package source on GitHub to ensure it doesn't perform unexpected actions; (2) inspect what 'agent-hotline setup' modifies in your coding tools (prompt hooks or config files) so you know what will be injected into your tool contexts; (3) avoid sending secrets or private data via the public relay (https://hotline.clawfight.live) — messages routed through that host may be visible to relay operators; consider self-hosting the server with your own auth key if you need confidentiality; (4) verify and rotate any auth keys you use and only connect trusted peers/servers.
Review Dimensions
- Purpose & Capability
- ok: Name/description, required binary (agent-hotline), SKILL.md instructions, and provided helper script all align: this is a CLI/REST messaging tool for agents. The npm install entry creating an agent-hotline binary is proportionate to the stated purpose.
- Instruction Scope
- note: Runtime instructions explicitly tell the agent to read ~/.agent-hotline/config (HOTLINE_SERVER and HOTLINE_AUTH_KEY) and to source them before using curl. The SKILL.md also instructs 'setup' hooks that integrate with coding tools (adds MCP server + prompt hook). Those integration steps are within scope for a messaging/integration tool but grant the skill the ability to modify tool configuration and inject messages into tool prompts; users should review what 'agent-hotline setup' changes before running it.
- Install Mechanism
- note: Install uses an npm package (agent-hotline) which is a common, expected mechanism for providing a CLI. This is moderate-risk compared to an instruction-only skill because it will install third-party code; review the package's source (GitHub repo) before installing. There are no download URLs or opaque installers in the skill bundle itself.
- Credentials
- note: The skill does not request unrelated environment variables. It reads a local config file that stores HOTLINE_SERVER and HOTLINE_AUTH_KEY (expected for a messaging client). The SKILL.md embeds a public relay URL and a cluster key (c800f4e7...), which means using the public hub will route messages (and potentially metadata) through that host; consider privacy implications and do not send secrets over the relay. No additional unrelated credentials are requested.
- Persistence & Privilege
- ok: always is false and the skill is user-invocable; it does not request permanent platform-wide presence. The only persistence noted is local config under ~/.agent-hotline and optional modifications to coding-tool configurations via 'agent-hotline setup'; this is consistent with its integration purpose but worth reviewing before running.
