Skill v1.0.0

ClawScan security

Blank Files Gateway · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Feb 16, 2026, 2:56 AM
Verdict: suspicious
Confidence: high
Model: gpt-5-mini
Summary
The skill is coherent with its stated purpose (discovering and returning direct download URLs for blank test files), but its always:true flag (force-enabled) is unnecessary and raises privacy/security concerns because the skill will be allowed to run in every agent session and make outgoing requests to external CDNs.
Guidance
This skill appears to do what it says: query blankfiles.com and return direct download URLs for blank binary test files. However, it is configured with always:true which forces the skill to be present in every agent session — increasing autonomous outgoing network activity and exposure to external CDNs. Before installing, consider: 1) Do you trust blankfiles.com and the CDNs referenced (e.g., jsdelivr)? 2) Do you want the skill to be force-enabled, or would you prefer it be user-invocable only? 3) Confirm the agent will only return URLs and not auto-download or execute returned files. If you want to be cautious: disable always:true, install as user-invocable only, or test the endpoints manually (GET https://blankfiles.com/api/v1/status and /api/v1/files) to verify response shapes and that file URLs point to reputable hosts.

Review Dimensions

Purpose & Capability
ok · Name, description, and runtime instructions align: the skill only needs to query the blankfiles.com API and return file metadata/URLs. There are no extra binaries, env vars, or unrelated requirements declared.
Instruction Scope
note · SKILL.md is narrowly scoped to calling the listed API endpoints, returning files[].url, and verifying availability. This is read-only and matches the described purpose. Note: verifying availability implies making HTTP requests and returning URLs that point to third-party CDNs (example: jsdelivr). The guardrails forbid fabrication and shell execution, which reduces risk, but the instructions allow the agent to fetch or resolve remote resources.
Install Mechanism
ok · Instruction-only skill with no install spec and no code files — lowest install risk. References include optional clawhub publish commands, but these are documentation only and not part of runtime behavior.
Credentials
ok · No environment variables, credentials, or config paths are requested. The skill's external network access is limited to the listed public API/CDN, which is proportionate to its purpose.
Persistence & Privilege
concern · The skill sets always:true (force-included in every agent run) without justification. That gives it broad presence and increases the chance of autonomous, repeated network calls and exposure of agent activity to external hosts. Most read-only connector skills do not need always:true; user-invocable-only or standard invocation is more appropriate.