Back to skill
Skillv1.0.0
ClawScan security
Revenue Coder · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
SuspiciousApr 11, 2026, 11:19 AM
- Verdict
- suspicious
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- The skill's claimed capabilities (spawn sub-agents, route to specific LLMs, test and deploy to GitHub/live) do not match what it actually requests or documents — it asks for no credentials, installs, or config yet instructs actions that would require them and gives broad, open-ended authority.
- Guidance
- This skill is suspicious because it tells the agent to do things (spawn sub-agents, route to specific models, test and push code to GitHub or 'live') but declares no credentials or install steps needed to do those things. Before installing or enabling it, ask the publisher for: 1) a clear list of required credentials and why each is needed (GitHub token, model API keys, any exec/shell access), 2) an explicit description of what 'deploy to live' means and what safeguards are in place, and 3) an audit of the generated code and a sandboxed test process. If you still consider using it: only grant minimal, scoped credentials (least privilege), require code review before any push to public repos, run it in an isolated environment, and restrict autonomous invocation or disallow deployment actions until you’ve validated behavior. If the skill’s source/owner cannot be verified, do not give it access to production GitHub tokens, payment/affiliate accounts, or any system where it can publish or run code publicly.
Review Dimensions
- Purpose & Capability
- concernThe description promises autonomous generation, testing, and deployment to GitHub/workspace/live and integration with other services (coding-agent, github, exec, affiliate-master) and models (Claude Opus, Qwen). Yet the skill declares no required environment variables, no required config paths, and no install steps. Deploying to GitHub or invoking external model endpoints normally requires credentials and network config — their absence is incoherent with the stated purpose.
- Instruction Scope
- concernSKILL.md instructs spawning sub-agents, routing tasks to particular models, generating and deploying revenue scripts, and 'self-evolving' code. Those instructions are broad and open-ended, give the agent large discretion (deploy to 'live', measure profit, iterate), and do not constrain what data to read or where to publish. This grants the agent scope to create, execute, and publish potentially abusive or harmful code (scrapers, auto-posters, bounty solvers) without safeguards.
- Install Mechanism
- okThere is no install spec and no code files — the skill is instruction-only, so nothing is written to disk during install. That minimizes install-time risk but also means the skill's behavior depends entirely on runtime agent actions (which are not described in a least-privilege way).
- Credentials
- concernThe skill lists no required environment variables or credentials, yet claims to integrate with GitHub and external LLM providers and to run 'exec'. Deploying or executing code, pushing to GitHub, or routing to external models typically requires tokens/keys and network access. The lack of declared credentials is disproportionate and suggests either missing/hidden requirements or sloppy/misleading metadata.
- Persistence & Privilege
- noteThe skill is not force-enabled (always: false) and allows normal autonomous invocation. Autonomous invocation combined with poorly scoped instructions (spawn sub-agents, deploy to live) increases risk, but autonomous invocation itself is the platform default and not sufficient alone to classify it as malicious.