v1.0.0

aicade galaxy skills

ReviewClawScan verdict for this skill. Analyzed May 1, 2026, 7:54 AM.

Analysis

This skill is not clearly malicious, but it needs review because it stores an API key, can overwrite a .env file, and can invoke dynamic paid/payment-related API tools.

GuidanceInstall only if you trust the publisher and AICADE Galaxy base URL. Use a scoped API key, back up or isolate .env before setup, review the exported tool list, and require manual confirmation before any paid, subscription, membership, blockchain, or account-changing invocation.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation

SeverityHighConfidenceMediumStatusConcern

SKILL.md

paid API, membership, subscription, earning, or token-based tool access ... Calls the real platform endpoint with the tool's metadata

The skill can invoke dynamically discovered real platform endpoints for payment/subscription/token-related workflows, but the artifacts do not define explicit approval or containment rules for high-impact invocations.

User impactAn agent using this skill could call paid, subscription, membership, or blockchain-related platform tools if they are exposed by the gateway.

RecommendationReview the exported tool list before use and require explicit user confirmation for any paid, subscription, membership, blockchain, or account-changing action.

Cascading Failures

SeverityMediumConfidenceHighStatusConcern

scripts/setup_env.mjs

const ENV_PATH = ".env"; ... await writeFile(ENV_PATH, serializeEnv(values), "utf8");

The setup script writes a new .env file in the current working directory using only this skill's values, which can overwrite unrelated existing environment settings.

User impactRunning setup from a project directory could remove other .env configuration or secrets needed by that project.

RecommendationBack up .env first, run setup from an isolated skill directory, or modify the script to merge and preserve existing entries.

Unexpected Code Execution

SeverityLowConfidenceHighStatusNote

scripts/bootstrap.mjs

import { spawnSync } from "node:child_process"; ... spawnSync(command, args, { stdio: "inherit" });

Bootstrap runs local helper scripts during setup; the commands are hardcoded and purpose-aligned, but this is still code execution at activation/install time.

User impactInstalling or first activating the skill can execute included local setup/export code.

RecommendationInspect the included scripts and run bootstrap only when you are ready to configure credentials and export the tool artifact.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse

SeverityMediumConfidenceHighStatusConcern

scripts/export_artifact.mjs

const baseUrl = env.AICADE_GALAXY_BASE_URL || env.CLAWHUB_BASE_URL; ... "X-API-Key": config.apiKey

The AICADE API key is attached to requests sent to the configured base URL, including an unexpected CLAWHUB_BASE_URL fallback that is not described in SKILL.md.

User impactIf the base URL is wrong or influenced by an existing environment file, the API key could be sent to an unintended endpoint.

RecommendationVerify AICADE_GALAXY_BASE_URL before running bootstrap/export, avoid unrelated fallback values, and use a minimally scoped API key.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning

SeverityLowConfidenceHighStatusNote

SKILL.md

Use the artifact or `list_tools` result as the source of truth for current services.

The skill persists provider-supplied service metadata as an artifact and tells the agent to rely on it for future tool selection.

User impactRemote service descriptions and schemas can influence what the agent thinks the current tools are.

RecommendationRegenerate artifacts only from a trusted base URL and review the tool names, descriptions, methods, and paths before invocation.