Skill v1.0.0
ClawScan security
Grocy Inventory · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Mar 5, 2026, 2:42 AM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's behavior matches a Grocy client (local API calls to manage inventory), but the SKILL.md embeds a plaintext API key and mismatches the declared requirements, which is unexpected and warrants caution.
- Guidance: This skill otherwise behaves like a normal Grocy client, but the SKILL.md embeds a plaintext API key and shows $API_KEY without declaring it as a required environment variable. Before installing or enabling: (1) Treat the API key in the docs as potentially sensitive — do not assume it's a harmless placeholder. If it's your Grocy key, rotate it. (2) Prefer that the publisher remove hardcoded keys from the skill and require the user to provide GROCY_URL and GROCY_API_KEY via environment variables or config. (3) Remember the skill's commands are state-changing (consume/add/transfer); if you allow autonomous invocations, the agent could modify your local inventory. (4) If you do not run Grocy on localhost:14611, there's no legitimate reason for the skill to access that URL. Ask the publisher to clarify whether the API key is a sample and to update the instructions so they do not include secrets.
Review Dimensions
- Purpose & Capability (note): Name/description align with the instructions: all commands target a local Grocy instance and perform expected inventory and battery operations. However, the skill includes a hardcoded API key in SKILL.md and references an $API_KEY variable despite the skill declaring no required env vars — this is inconsistent with the stated minimal configuration.
- Instruction Scope (concern): Instructions only call the local Grocy API (http://localhost:14611) and use curl for both read and state-changing operations (consume, add, transfer, charge). That's in scope for an inventory skill, but the doc embeds a plaintext API key and uses an undefined $API_KEY variable. The presence of a concrete API key in the skill text is unexpected and could expose credentials if it is real. Also note: the skill's commands will modify local state (consume/transfer/add) when invoked.
- Install Mechanism (ok): No install spec and no code files — instruction-only skill. This minimizes disk footprint and reduces supply-chain risk.
- Credentials (concern): Registry metadata declares no required env vars or credentials, yet SKILL.md shows a specific API key value and expects $API_KEY in examples. Requesting no secrets but shipping a concrete API key in the documentation is disproportionate and inconsistent. If that key is valid it grants full access to the local Grocy instance; if it's a leaked credential, it should be rotated.
- Persistence & Privilege (ok): always is false and the skill does not request persistent system-level privileges. It will act against localhost endpoints when invoked, which is normal for a local-service integration.
