Skill v2.0.1

ClawScan security

Publora Threads · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Mar 20, 2026, 1:01 PM

Verdict: suspicious
Confidence: high
Model: gpt-5-mini

Summary
The skill's instructions require a Publora API key, sent as the x-publora-key header, but the registry metadata declares no required credential or environment variable. This mismatch is the main concern.

Guidance
The skill appears to do exactly what it says (posting and scheduling to Publora), but it does not declare the API credential it needs. Before installing or enabling it:
1) Verify how your agent will supply the Publora API key: ask the publisher to declare a required environment variable such as PUBLORA_API_KEY, or to document that authentication comes from a separate 'publora' core skill.
2) Only provide a Publora key you trust. For initial use, prefer a key for a limited-scope or test account.
3) Understand that media is uploaded to presigned URLs (S3) and post content is sent to api.publora.com; confirm this matches your privacy and compliance needs.
4) If you cannot confirm where the key is stored or how it is protected, treat the missing credential declaration as a red flag and ask the publisher for clarification before proceeding.

Review Dimensions

Purpose & Capability: concern
The SKILL.md is narrowly focused on posting and scheduling to Publora's Threads API, and the examples match that purpose. However, the instructions explicitly require an API key header (x-publora-key: sk_YOUR_KEY) and point to a separate 'publora' core skill for authentication, yet the skill metadata lists no required environment variables or primary credential. Requiring an API key is reasonable for this purpose; failing to declare it in the metadata is the inconsistency.

Instruction Scope: note
Runtime instructions are limited to calling https://api.publora.com and uploading media to presigned upload URLs (an S3 PUT to upload.uploadUrl). The instructions do not ask the agent to read files other than the media it uploads, nor to access unrelated system paths. The only scope issue is that the SKILL.md implicitly expects the agent to have the Publora API key (via a core 'publora' skill or an environment variable), which is not declared here.

Install Mechanism: ok
This is an instruction-only skill with no install spec and no code files, so the skill bundle itself writes nothing to disk and installs nothing.

Credentials: concern
The examples require a secret API key header (an sk_-style key), but the skill metadata declares no required environment variables or primary credential. The agent will need a secret to operate, and the skill does not document how that secret is provided or stored. Note also that media is uploaded to presigned URLs: expected for media posts, but it does send user data to an external endpoint.
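The Purpose & Capability and Credentials findings above both reduce to one check: do the credentials the instructions use appear in the declared metadata, and where does the traffic go? The following lint makes that check mechanical. It is an added example, not ClawHub's or Publora's code. It assumes a SKILL.md whose YAML-style front matter declares required environment variables in an `env:` list (the real registry metadata format is not shown on this page); the header name x-publora-key, the sk_ key style, the host api.publora.com and the upload.uploadUrl presigned PUT come from the scan text, the sample SKILL.md is constructed around them, and PUBLORA_API_KEY is the placeholder name the guidance suggests.

```python
"""Lint a skill's SKILL.md for credentials its instructions need but its metadata
does not declare.

Added example, not ClawHub's or Publora's code. It assumes a SKILL.md whose
YAML-style front matter declares required environment variables in an `env:`
list; that metadata layout is an assumption made for illustration.
"""
import re
from dataclasses import dataclass


@dataclass
class Findings:
    declared_env: set    # env vars the front matter declares as required
    secret_headers: set  # HTTP header names that look like credentials
    key_refs: set        # sk_ placeholders or *_API_KEY/*_TOKEN/*_SECRET names
    env_refs: set        # $VAR / ${VAR} references in the instructions
    hosts: set           # external hosts the instructions send traffic to


FRONT_MATTER = re.compile(r"\A---\n(.*?)\n---\n(.*)\Z", re.S)
ENV_DECL = re.compile(r"^env:\s*\[(.*?)\]\s*$", re.M)
SECRET_HEADER = re.compile(
    r"-H\s+[\"']?([A-Za-z0-9-]*(?:key|token|secret|auth)[A-Za-z0-9-]*)\s*:", re.I)
KEY_PLACEHOLDER = re.compile(
    r"\b(sk_[A-Za-z0-9_]+|[A-Z0-9_]*(?:API_KEY|TOKEN|SECRET)[A-Z0-9_]*)\b")
ENV_REF = re.compile(r"\$\{?([A-Z][A-Z0-9_]+)\}?")
HOST = re.compile(r"https?://([A-Za-z0-9.-]+)")


def lint(skill_md: str) -> Findings:
    """Split front matter from body and collect credential and egress indicators."""
    m = FRONT_MATTER.match(skill_md)
    if not m:
        raise ValueError("SKILL.md has no front matter block")
    front, body = m.groups()
    declared = set()
    decl = ENV_DECL.search(front)
    if decl:
        declared = {v.strip().strip("\"'") for v in decl.group(1).split(",") if v.strip()}
    return Findings(
        declared_env=declared,
        secret_headers={h.lower() for h in SECRET_HEADER.findall(body)},
        key_refs=set(KEY_PLACEHOLDER.findall(body)),
        env_refs=set(ENV_REF.findall(body)),
        hosts={h.rstrip(".") for h in HOST.findall(body)},
    )


def assess(f: Findings) -> list:
    """Return the concerns a reviewer would raise; an empty list means consistent."""
    indicators = f.secret_headers | f.key_refs | f.env_refs
    if indicators and not f.declared_env:
        return ["instructions need a credential (%s) but metadata declares no env var"
                % ", ".join(sorted(indicators))]
    missing = f.env_refs - f.declared_env
    if missing:
        return ["instructions reference undeclared env var(s): %s" % ", ".join(sorted(missing))]
    return []


# Constructed sample modeled on the mismatch the scan flags: the instructions
# send a secret header, the front matter declares nothing.
UNDECLARED = """---
name: publora-threads
version: 2.0.1
env: []
---
Post or schedule to Threads via https://api.publora.com (auth comes from the publora core skill).

    curl -X POST https://api.publora.com \\
      -H "x-publora-key: sk_YOUR_KEY" -H "Content-Type: application/json"

For media, request an upload slot and PUT the file to upload.uploadUrl (an S3 presigned URL).
"""

# The same skill with the credential declared and referenced through an env var.
DECLARED = (UNDECLARED.replace("env: []", "env: [PUBLORA_API_KEY]")
            .replace("sk_YOUR_KEY", "$PUBLORA_API_KEY"))

if __name__ == "__main__":
    for label, text in (("undeclared", UNDECLARED), ("declared", DECLARED)):
        f = lint(text)
        print(label, "hosts:", sorted(f.hosts), "issues:", assess(f) or "none")
```

Run against the constructed undeclared sample, the lint reports the same concern the scanner raised (a secret header and an sk_ placeholder with nothing declared) and lists api.publora.com as the only host, which is the egress allowlist a reviewer would confirm; the declared variant passes because the env var the body references matches the one the front matter declares.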
Persistence & Privilege: ok
The skill is not always-enabled, does not request elevated platform presence, and does not claim to modify other skills or system configuration. Autonomous invocation is allowed (the platform default), which is normal for skills.