Skill v2.0.3

ClawScan security

PaperPod · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Feb 11, 2026, 9:23 AM
Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary
The skill's instructions, capabilities, and required inputs are consistent with a service integration for remote sandboxed code execution; the main operational risks are installing an external npm CLI and exposing services/data to paperpod.dev (normal for this kind of tool).
Guidance
This skill appears to honestly document a remote sandboxing service. Before installing or using it: verify the upstream project (paperpod.dev) and the npm package @paperpod/cli to ensure you trust the publisher; avoid installing global packages you haven't vetted; be careful where you paste the returned token (PAPERPOD_TOKEN) and do not reuse sensitive credentials in the sandbox; when using ppod expose or running servers, assume the bound port will be publicly reachable — do not expose private data or use production secrets. Consider testing with a disposable account/limited credits and review the service's privacy/billing terms before storing any sensitive information.

Review Dimensions

Purpose & Capability
ok: The name and description (remote sandbox, browser automation, previews, AI, persistent memory) match the SKILL.md contents and examples. All commands and endpoints documented (execute, files, browser, ai, expose, memory) are coherent with the described purpose; no unrelated cloud credentials or out-of-scope capabilities are requested.
Instruction Scope
note: Runtime instructions stay within the advertised scope (use the PaperPod CLI or HTTP API to run code, start processes, expose ports, use browser automation, and read/write small persistent memory). However, the docs explicitly instruct obtaining a token via paperpod.dev/login, installing a global npm package, and creating public preview URLs and long-running processes — these are expected for the service but carry operational implications (public exposure of bound ports, potential hosting of arbitrary code). The SKILL.md does not instruct the agent to read unrelated local secrets, but it does show using PAPERPOD_TOKEN and per-request auth headers.
Install Mechanism
note: The registry metadata contains no install spec (instruction-only), but the README recommends installing @paperpod/cli globally via npm. Installing a global npm package is a moderate-risk action (it runs code from the public npm registry and may have install scripts). Network operations (curl to paperpod.dev) are required to obtain auth tokens. These are expected for this integration but should be performed only after verifying the package and domain.
Credentials
note: The registry metadata lists no required env vars, yet SKILL.md examples rely on a PAPERPOD_TOKEN (pp_sess_...) for authentication and show using it in headers/env. Requiring a single service token is proportionate to the described functionality, but the discrepancy between declared requirements (none) and documented usage (PAPERPOD_TOKEN) is an inconsistency the user should note.
Persistence & Privilege
ok: The skill does not request always:true and does not claim system-wide privileges. It documents persistent memory (10MB R2) and the ability to expose public URLs — these are natural features of the service but mean data and running processes can be reachable externally. The skill itself does not request elevated agent privileges beyond normal invocation.