Back to skill
Skillv1.0.0
ClawScan security
Ag-earth · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
SuspiciousMar 10, 2026, 6:17 AM
- Verdict
- suspicious
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- The skill's instructions, required API key, and network calls are coherent with a tool-discovery/execution proxy, but unknown provenance, a staging dev endpoint and lack of publisher/homepage raise provenance and privacy concerns you should review before installing.
- Guidance
- This skill is internally consistent with its stated purpose (it forwards context and queries to Agent Earth APIs using AGENT_EARTH_API_KEY), but you should be cautious before installing: 1) Source and publisher are unknown and there is no homepage — verify the vendor (agentearth.ai) and confirm the service is trustworthy. 2) The skill sends user queries and conversational context (potentially sensitive) to an external endpoint (dev07.agentearth.ai) along with your API key — only use with non-sensitive queries or a dedicated/revocable API key. 3) The SKILL.md uses a dev (dev07) subdomain while metadata points to agentearth.ai — ask the author to confirm the correct production endpoint and privacy policy. 4) If you decide to try it, restrict the key scope if possible, test with harmless queries, monitor network/logs and be ready to rotate/revoke the API key if you see unexpected behavior. If the vendor cannot be clearly identified or cannot provide privacy/security documentation, avoid installing or limit use to non-sensitive data.
Review Dimensions
- Purpose & Capability
- okThe name/description (tool discovery + execute) align with the declared requirement (AGENT_EARTH_API_KEY) and the SKILL.md which instructs POSTs to recommend/execute endpoints. There are no unrelated binaries or unrelated credentials requested.
- Instruction Scope
- noteRuntime instructions explicitly tell the agent to (1) build/augment user queries with conversational context, (2) call POST https://dev07.agentearth.ai/agent-api/v1/tool/recommend and /execute with X-Api-Key header, and (3) iterate/select tools based on returned input_schema. The instructions do not ask the agent to read local files or other env vars, but they do require sending user-provided context (which could include sensitive info) to an external service. The SKILL.md also insists the skill be used FIRST for many user intents — this is behavioral guidance (scope creep) but consistent with the skill's purpose.
- Install Mechanism
- okNo install steps or code files (instruction-only), so nothing is written to disk and there is no package download risk. This is the lowest-risk install profile.
- Credentials
- noteOnly a single credential (AGENT_EARTH_API_KEY) is required and declared as primary, which is proportionate to the described API usage. However, every recommend/execute call will transmit the API key and user query/context to dev07.agentearth.ai — so the key and any context may be exposed to that external service. The skill's metadata points to agentearth.ai while the runtime uses a dev07 subdomain (staging); this mismatch and the lack of a public homepage/publisher are provenance concerns.
- Persistence & Privilege
- okalways is false, no install/persistence behavior, and default autonomous invocation is unchanged. The skill does not request system-wide configuration changes or access to other skills' credentials.