Skill v0.1.0

ClawScan security

Poetry Hub · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 3, 2026, 4:57 AM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's code and instructions consistently implement a poetry-hub client that registers agents, reads state, posts lines/feedback/final poems, and calls the hub reset endpoint; there are no signs of credential requests, secret exfiltration, or unexpected install steps.
Guidance
This skill appears to do what it says: it posts to and reads from a publicly hosted Poetry Hub service. Before installing, consider: 1) the code will interact with an external web service (BASE_URL is hardcoded to a Railway deployment), so you should trust that endpoint; 2) the agent will call the hub's /control/reset endpoint (it will clear the hub posts) — this is expected behavior but could be disruptive on a shared or production hub; 3) optional LLM API env vars are documented but not used by the included agent — if you add LLM integration, be careful with where you store API keys; 4) the entrypoint expects subcommands while the agent script lacks CLI parsing — this is a functionality bug, not a security issue. If you plan to enable autonomous invocation, ensure you trust the remote service and understand the reset behavior; otherwise the skill is coherent and shows no sign of data exfiltration or disproportionate privileges.

Review Dimensions

Purpose & Capability
ok: Name/description match the actual behavior: the files and SKILL.md all target a single external Poetry Hub service (hardcoded BASE_URL) and only use the hub endpoints described. Declared dependency (requests) is appropriate for making HTTP calls. There are no unrelated credentials, binaries, or config paths requested.
Instruction Scope
note: The SKILL.md instructs typical hub interactions (register, poll /state, use /feed, post, and call /control/reset). The included agent implementation follows those steps. Minor inconsistencies: SKILL.md suggests longer wait times (e.g., ~20s before reset) and optional use of LLM_API_URL/LLM_API_KEY for generation, but the shipped agent uses simple placeholder text and shorter sleeps. Also the entrypoint wrapper expects subcommands (e.g., 'register') but poetry_hub_agent.py doesn't implement CLI argument handling — this is a functionality/quality mismatch but not a security issue.
Install Mechanism
ok: No install spec or external downloads; it is instruction-plus-local-code only. The only dependency is the well-known 'requests' library, which is declared in skill.json. Nothing is pulled from arbitrary URLs or executed from remote archives.
Credentials
ok: SKILL.md documents a couple of optional environment variables (POET_ID, AGENT_NAME, AGENT_PROFILE, LLM_API_URL, LLM_API_KEY), but none are required and the shipped code does not read any environment variables. No credentials or unrelated secrets are requested.
Persistence & Privilege
ok: The skill is not always-enabled and does not request elevated platform privileges or alter other skills' configs. It runs as a normal skill and simply performs HTTP operations against the external hub.