Skill v1.2.0
ClawScan security
Publora Mastodon · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Mar 14, 2026, 11:45 AM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's stated purpose (post/schedule to Mastodon via Publora) is plausible, but the runtime instructions reference an API key and local file access without declaring required credentials or a dependency on the Publora 'core' skill—this mismatch is worth clarifying before use.
- Guidance: Before installing, ask the publisher to clarify how auth is provided: the SKILL.md uses x-publora-key but the skill metadata lists no required credential. Confirm whether you must supply a Publora API key (and how the agent will store/use it) or whether this skill expects a separate 'publora' core skill to provide auth. Be aware that media upload examples read local files (photo.jpg) and upload them to an external uploadUrl — only provide media you trust to be uploaded, and verify you trust api.publora.com and the resulting storage endpoints. If you do not want the agent to access local files or to hold your Publora API key, do not enable this skill until those behaviors are clearly documented.
Review Dimensions
- Purpose & Capability (note): Name and description match the instructions: the SKILL.md shows how to create/schedule posts and upload media to the Publora API (mastodon.social). However, the doc repeatedly shows use of an x-publora-key and refers to a separate 'publora' core skill for auth/scheduling, yet this skill's metadata declares no required env vars, no primary credential, and no dependency on a core skill — an inconsistency.
- Instruction Scope (concern): The instructions include direct examples that open local files (open('photo.jpg')) and upload them to an uploadUrl returned by the API. That implies the agent will need filesystem access to read arbitrary user-specified media and will transmit that file to externally-provided upload URLs. The SKILL.md also uses a hardcoded header pattern ('x-publora-key: sk_YOUR_KEY') but gives no guidance in the metadata about where that key comes from.
- Install Mechanism (ok): This is an instruction-only skill with no install spec and no code files — lower disk/write risk. Nothing is downloaded or installed by the skill itself.
- Credentials (concern): The runtime examples require an API key (x-publora-key) but the skill declares no required environment variables or primary credential. Either the skill expects the separate 'publora' core skill to supply auth (not declared), or it fails to declare a needed secret. Missing declaration of a required secret is a meaningful incoherence.
- Persistence & Privilege (ok): The skill is not always-enabled and does not request elevated persistence. It does not declare modifications to other skills or global agent settings.
