Skill v0.2.2

ClawScan security

Skill · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Feb 24, 2026, 7:01 AM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill broadly matches its event/ticketing description but contains multiple inconsistencies (missing/extra environment variables, mismatched filenames, and metadata discrepancies) that make its actual requirements and behavior unclear—review before installing or supplying API keys.
Guidance
Do not provide API keys yet. Specific suggestions:
- Verify the source: the registry lists no homepage; skill.json points to a GitHub repo. Confirm the repo and maintainer before installing.
- Ask the author to clarify which env vars are actually required (GOOGLE_MAPS_API_KEY, CROSSMINT_* appear in README/skill.json but are not declared in SKILL.md/registry). Only provide the minimum key(s) needed.
- Note the usage example references './scripts/tixflow.js' but the code includes scripts/index.js. This mismatch could cause runtime errors or indicate stale/modified packaging; request an updated package or inspect the platform's installed files after install.
- The included code is mock/demo-only (no real KYD or Google API calls in scripts/index.js), but comments say 'in production' it would call external APIs; if you plan to enable production mode, review network-call implementations first.
- Prefer running in demo_mode or in a sandboxed environment and audit network traffic before supplying real credentials.
- If you need the CrossMint or Google Maps features, ask the maintainer to explicitly declare those env vars in the skill manifest and provide justification.
Given the metadata and file inconsistencies, treat this skill as untrusted until provenance and required permissions are clarified.

Review Dimensions

Purpose & Capability
concern
The skill declares Google Calendar and KYD Labs integration (GOOGLE_CALENDAR_API_KEY, KYD_API_KEY), which is coherent with its description. However, other files (README.md and skill.json) reference additional capabilities (Google Maps, CrossMint cNFT minting) and related env vars (GOOGLE_MAPS_API_KEY, CROSSMINT_API_KEY, CROSSMINT_COLLECTION_ID) that are not declared in the registry metadata or the SKILL.md requires list. There are also small metadata mismatches (skill.json homepage vs registry 'homepage: none'). These inconsistencies make it unclear what credentials and integrations are truly required.
Instruction Scope
concern
SKILL.md instructs normal usage and mentions demo mode and an npm googleapis install. But the example usage references './scripts/tixflow.js', which does not exist in the package (the actual file is scripts/index.js). README instructs creating a .env with extra keys not declared elsewhere. The runtime instructions do not tell the agent to read unrelated system files, nor do the included JS/TS source files perform obvious exfiltration, but the mismatched examples and undocumented env requirements give the agent broad, unclear discretion.
Install Mechanism
note
There is no download-from-URL or extract install; the SKILL.md metadata suggests installing the 'googleapis' npm package and package.json lists it as a dependency. No high-risk external installers or obfuscated download steps are present. Still, the skill is instruction-only in the registry while including code files; installation behavior may depend on the platform's standard 'clawhub install' flow, so verify what gets written to disk.
Credentials
concern
Registry and SKILL.md declare only GOOGLE_CALENDAR_API_KEY and KYD_API_KEY, which are reasonable. However, README and skill.json list additional API keys (Google Maps, CrossMint, CrossMint collection ID) and tools that imply wallet detection and scraping; none of these extra env vars are declared in the registry 'requires.env'. This mismatch is concerning because the skill's manifest implies it may need more sensitive credentials than the registry advertises.
Persistence & Privilege
ok
The skill does not request 'always: true', does not claim to modify other skills or system-wide configs, and defaults to normal autonomous invocation. There is no installer that requests persistent system-level privileges in the provided files.